File name:

DriverTalent_2548.exe

Full analysis: https://app.any.run/tasks/c8bc17ae-5695-474d-80c7-2b4ad4002a81
Verdict: Malicious activity
Analysis date: June 15, 2024, 18:40:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 1371BA1AB87CEA58D3571D6746F28447
SHA1: E4D58E044017BB15BCB570759D182CC5C585ACC1
SHA256: 6B124A19F9BAED71B97D8A763071EA3CBD0A040AA0ED77E85067DDBE141EE472
SSDEEP: 196608:RF2IiRbjruqph20NfGPp1UFopvXj7dbIqlBYWEoEaNMqdZvR7vrdNqf:Hit/h2qf2DfpvXj7WqE/mMqdL7vrdN+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Scans artifacts that could help determine the target

      • DriverTalent.exe (PID: 7088)
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Reads security settings of Internet Explorer

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Executable content was dropped or overwritten

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Drops 7-zip archiver for unpacking

      • DriverTalent_2548.exe (PID: 6416)
    • Process drops legitimate windows executable

      • DriverTalent_2548.exe (PID: 6416)
    • Drops a system driver (possible attempt to evade defenses)

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Creates a software uninstall entry

      • DriverTalent_2548.exe (PID: 6416)
    • Creates or modifies Windows services

      • DriverTalent_2548.exe (PID: 6416)
    • Reads the date of Windows installation

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Reads Internet Explorer settings

      • DriverTalent.exe (PID: 7088)
    • Changes Internet Explorer settings (feature browser emulation)

      • DriverTalent.exe (PID: 7088)
    • Reads Microsoft Outlook installation path

      • DriverTalent.exe (PID: 7088)
    • Searches for installed software

      • DriverTalent.exe (PID: 7088)
    • Detected use of alternative data streams (AltDS)

      • DriverTalent.exe (PID: 7088)
    • Reads the BIOS version

      • HardWareReport.exe (PID: 6516)
    • The process checks if it is being run in the virtual environment

      • HardWareReport.exe (PID: 6516)
    • Connects to unusual port

      • DriverTalent.exe (PID: 7088)
    • Reads the Windows owner or organization settings

      • HardWareReport.exe (PID: 6516)
  • INFO

    • Create files in a temporary directory

      • DriverTalent_2548.exe (PID: 6416)
    • Checks supported languages

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
      • identity_helper.exe (PID: 6368)
      • Dtl7z.exe (PID: 4944)
      • Dtl7z.exe (PID: 6648)
      • identity_helper.exe (PID: 6572)
      • identity_helper.exe (PID: 5180)
    • Reads the computer name

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
      • Dtl7z.exe (PID: 4944)
      • identity_helper.exe (PID: 6368)
      • Dtl7z.exe (PID: 6648)
      • identity_helper.exe (PID: 5180)
      • identity_helper.exe (PID: 6572)
    • Reads the machine GUID from the registry

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Checks proxy server information

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Reads the software policy settings

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Creates files in the program directory

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Creates files or folders in the user directory

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • Dtl7z.exe (PID: 4944)
      • Dtl7z.exe (PID: 6648)
      • HardWareReport.exe (PID: 6516)
    • Process checks computer location settings

      • DriverTalent_2548.exe (PID: 6416)
    • Reads Microsoft Office registry keys

      • DriverTalent_2548.exe (PID: 6416)
      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 1676)
      • msedge.exe (PID: 5108)
      • DriverTalent.exe (PID: 7088)
      • msedge.exe (PID: 2132)
      • msedge.exe (PID: 5092)
    • Manual execution by a user

      • msedge.exe (PID: 1676)
    • Application launched itself

      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 1676)
      • msedge.exe (PID: 5108)
      • msedge.exe (PID: 2132)
      • msedge.exe (PID: 5092)
    • Reads Environment values

      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Process checks Internet Explorer phishing filters

      • DriverTalent.exe (PID: 7088)
    • Reads Windows Product ID

      • HardWareReport.exe (PID: 6516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:23 10:06:45+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 253952
InitializedDataSize: 24854528
UninitializedDataSize: 25145344
EntryPoint: 0x1838e70
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 8.1.11.46
ProductVersionNumber: 8.1.11.46
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 8.1.11.46
ProductVersion: 8.1.11.46
ProductName: Driver Talent
FileDescription: Driver Talent Setup
CompanyName: OSToto Co., Ltd.
LegalCopyright: Copyright (C) 2008-2022 OSToto. All rights reserved.
No data.
All screenshots are available in the full report
Total processes: 206
Monitored processes: 80
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes shown in the graph (interactive view in the full report): drivertalent_2548.exe, drivertalent.exe, hardwarereport.exe, dtl7z.exe, conhost.exe, identity_helper.exe, rundll32.exe and a large number of msedge.exe instances; most of the msedge.exe, rundll32.exe, identity_helper.exe, dtl7z.exe and conhost.exe nodes are marked "no specs".

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 400
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2552 --field-trial-handle=2312,i,11307112802560533279,6266778810954962389,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 432
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffcf3aa5fd8,0x7ffcf3aa5fe4,0x7ffcf3aa5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 624
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5052 --field-trial-handle=2360,i,10454254369822711956,8185164477082334675,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1256
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffcf3aa5fd8,0x7ffcf3aa5fe4,0x7ffcf3aa5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5312 --field-trial-handle=2340,i,4375269813688836311,16338844197655567601,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1412
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Dtl7z.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4176 --field-trial-handle=2132,i,7520114469951572205,11404222505954844407,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5380 --field-trial-handle=2312,i,11307112802560533279,6266778810954962389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1604
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4484 --field-trial-handle=2340,i,4375269813688836311,16338844197655567601,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1676
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument http://www.ostoto.com/web/install/2548/1?v=8.1.11.46
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 53 196
Read events: 52 930
Write events: 253
Delete events: 13

Modification events

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write | Name: AppPath | Value: C:\Program Files (x86)\OSTotoSoft\DriverTalent

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write | Name: OemID | Value: 0

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write | Name: UnionId | Value: 2548

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write | Name: UserID | Value: (empty)

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write | Name: AppPath | Value: C:\Program Files (x86)\OSTotoSoft\DriverTalent

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write | Name: OemID | Value: 0

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write | Name: UnionId | Value: 2548

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write | Name: UserID | Value: (empty)

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write | Name: Version | Value: 801110046

PID/Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1
Operation: write | Name: DisplayIcon | Value: C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
Executable files: 105
Suspicious files: 209
Text files: 260
Unknown types: 4

Dropped files

PID | Process | Filename | Type
6416 | DriverTalent_2548.exe | C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\pcid.dll | executable
MD5:A8416C64B918B026247CC87303C64F77
SHA256:6D5FFC23F532A64E5B3AC79A02876CD7B841695E08C5CD78A9DB06D5413CCD17
6416 | DriverTalent_2548.exe | C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\DTInstUI.dll | executable
MD5:88E4681A1FC93E14C539D85761F859B6
SHA256:183ABE5572EB850E30111D958132C25850AEF5A1BE75DBED504B66CD5B7355FA
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-1.png | image
MD5:02CE35B17823DB091FFE73EC9C26D805
SHA256:EDDBA729589197BF83261E6EB4A682901E05254112693245BFDBCF714E3DDF13
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\EnableFullLogging.reg | text
MD5:DB35C068B2490F8703E76CA57AE55895
SHA256:A04B7FC95D244E05E94E466D0F8E56202A87C007DA992F79D2E880DA1231549B
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\activity\img\dt_cp2.png | image
MD5:6F99942A876FAD64384119112F5040CF
SHA256:F344BAD6FCFADBDF9C5B0C98AB89210FEAF16DE009033B6F6221204A6396280C
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-5.png | image
MD5:D5D30D885EE67A50560600E6410DB513
SHA256:DF0740F52566DD65DF9CA5442DF4398A7A6458E37DFB12B466FF424620E5D8D5
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-2.png | image
MD5:5E274B5EC0D5406A906E3F6CD6047195
SHA256:642D16C98033D743001D9C74DBBA0780B8472A4B978C6D67CB54898802B193D1
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\CleanConfig.dat | binary
MD5:F0B35B88B65D285FDAD19DF2E2EBB6C4
SHA256:6E1406A43C09895F75C854412D38BA93CD68E407DCDE970838BD1E3A9FA677BB
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\Audio_Repair_2.png | image
MD5:3C4EB3AF0DC021B6237F76583C9842AD
SHA256:260CA0D8DD4AA16EB9AE1B6E5308AD8E7768BBE7B64BDCF2B08B41C4A524B22C
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\activity\img\dt_home.png | image
MD5:B0E2A7EEEC3E9881866673E080086642
SHA256:E8E6371DEAEF937D537F17EC2D300E192127A258D4484BAC5C48542C5D5FD097
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 118
TCP/UDP connections: 143
DNS requests: 85
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Reputation (CN, Type and Size columns are empty in this export)
5612 | RUXIMICS.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown
5228 | svchost.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown
5228 | svchost.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown
5612 | RUXIMICS.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAh8Ol49voaXsmoj7jArz5A%3D | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation (a dash marks a cell that is empty in this export)
4 | System | 192.168.100.255:138 | - | - | - | unknown
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5612 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5140 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5612 | RUXIMICS.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
4364 | svchost.exe | 239.255.255.250:1900 | - | - | - | unknown
5140 | MoUsoCoreWorker.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
5228 | svchost.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
5228 | svchost.exe | 184.85.144.229:80 | www.microsoft.com | AKAMAI-AS | FI | unknown
5612 | RUXIMICS.exe | 184.85.144.229:80 | www.microsoft.com | AKAMAI-AS | FI | unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.223.17.198
  • 23.223.17.208
unknown
www.microsoft.com
  • 184.85.144.229
  • 88.221.169.152
unknown
settings-win.data.microsoft.com
  • 4.231.128.59
unknown
ocsp.digicert.com
  • 192.229.221.95
unknown
crl3.digicert.com
  • 192.229.221.95
unknown
dispatch.integrate.drivethelife.com
  • 209.58.131.173
unknown
install.integrate.drivethelife.com
  • 209.58.131.173
unknown
autoupdater.drivethelife.com
  • 52.53.192.135
unknown
int.qudong.drivethelife.com
  • 43.152.26.197
  • 43.152.26.58
  • 43.152.26.151
  • 43.152.26.104
  • 43.152.26.142
  • 43.152.26.154
  • 43.152.26.221
unknown
config.edge.skype.com
  • 13.107.42.16
unknown

Threats

Found threats are available for the paid subscriptions
1 ETPRO signature is available in the full report
Process | Message
DriverTalent_2548.exe | hwang InitCommandLineArgv parm=c:\users\admin\desktop\drivertalent_2548.exe
DriverTalent_2548.exe | hwang Create Directory C:\Users\admin\AppData\Local\Temp\Hot4330.tmp!
DriverTalent_2548.exe | hwang UnCompress EXT to C:\Users\admin\AppData\Local\Temp\Hot4330.tmp .
DriverTalent_2548.exe | hwang global_licence_url: http://www.drivethelife.com/EULA.html
DriverTalent_2548.exe | hwang UnCompress successful.
DriverTalent_2548.exe | hwang Create Directory C:\Program Files (x86)\OSTotoSoft\DriverTalent!
DriverTalent_2548.exe | hwang UnCompress DATA to C:\Program Files (x86)\OSTotoSoft\DriverTalent .
DriverTalent_2548.exe | hwang UnCompress successful.
DriverTalent_2548.exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\AdModule.dll to C:\Program Files (x86)\OSTotoSoft\DriverTalent failed!
DriverTalent_2548.exe | hwang SHFileOperation error code : 0x2