File name: DriverTalent_2548.exe

Full analysis: https://app.any.run/tasks/c8bc17ae-5695-474d-80c7-2b4ad4002a81
Verdict: Malicious activity
Analysis date: June 15, 2024, 18:40:17
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5: 1371BA1AB87CEA58D3571D6746F28447
SHA1: E4D58E044017BB15BCB570759D182CC5C585ACC1
SHA256: 6B124A19F9BAED71B97D8A763071EA3CBD0A040AA0ED77E85067DDBE141EE472
SSDEEP: 196608:RF2IiRbjruqph20NfGPp1UFopvXj7dbIqlBYWEoEaNMqdZvR7vrdNqf:Hit/h2qf2DfpvXj7WqE/mMqdL7vrdN+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Scans artifacts that could help determine the target

      • DriverTalent.exe (PID: 7088)
    • Drops the executable file immediately after the start

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • DriverTalent_2548.exe (PID: 6416)
    • Drops a system driver (possible attempt to evade defenses)

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Creates a software uninstall entry

      • DriverTalent_2548.exe (PID: 6416)
    • Executable content was dropped or overwritten

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Checks Windows Trust Settings

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Reads security settings of Internet Explorer

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Drops 7-zip archiver for unpacking

      • DriverTalent_2548.exe (PID: 6416)
    • Creates or modifies Windows services

      • DriverTalent_2548.exe (PID: 6416)
    • Reads the date of Windows installation

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Changes Internet Explorer settings (feature browser emulation)

      • DriverTalent.exe (PID: 7088)
    • Reads Microsoft Outlook installation path

      • DriverTalent.exe (PID: 7088)
    • Reads Internet Explorer settings

      • DriverTalent.exe (PID: 7088)
    • Detected use of alternative data streams (AltDS)

      • DriverTalent.exe (PID: 7088)
    • Searches for installed software

      • DriverTalent.exe (PID: 7088)
    • Reads the BIOS version

      • HardWareReport.exe (PID: 6516)
    • Reads the Windows owner or organization settings

      • HardWareReport.exe (PID: 6516)
    • The process checks if it is being run in the virtual environment

      • HardWareReport.exe (PID: 6516)
    • Connects to unusual port

      • DriverTalent.exe (PID: 7088)
  • INFO

    • Checks supported languages

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
      • identity_helper.exe (PID: 6368)
      • Dtl7z.exe (PID: 4944)
      • Dtl7z.exe (PID: 6648)
      • identity_helper.exe (PID: 6572)
      • identity_helper.exe (PID: 5180)
    • Reads the software policy settings

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
      • DriverTalent.exe (PID: 7088)
    • Creates files in a temporary directory

      • DriverTalent_2548.exe (PID: 6416)
    • Reads the machine GUID from the registry

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Reads the computer name

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
      • identity_helper.exe (PID: 6368)
      • Dtl7z.exe (PID: 4944)
      • Dtl7z.exe (PID: 6648)
      • identity_helper.exe (PID: 6572)
      • identity_helper.exe (PID: 5180)
    • Checks proxy server information

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Process checks computer location settings

      • DriverTalent_2548.exe (PID: 6416)
    • Creates files in the program directory

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Creates files or folders in the user directory

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • Dtl7z.exe (PID: 4944)
      • HardWareReport.exe (PID: 6516)
      • Dtl7z.exe (PID: 6648)
    • Application launched itself

      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 1676)
      • msedge.exe (PID: 5108)
      • msedge.exe (PID: 2132)
      • msedge.exe (PID: 5092)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 1676)
      • DriverTalent_2548.exe (PID: 6416)
      • msedge.exe (PID: 5108)
      • DriverTalent.exe (PID: 7088)
      • msedge.exe (PID: 5092)
      • msedge.exe (PID: 2132)
    • Reads Environment values

      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Manual execution by a user

      • msedge.exe (PID: 1676)
    • Reads Windows Product ID

      • HardWareReport.exe (PID: 6516)
    • Process checks Internet Explorer phishing filters

      • DriverTalent.exe (PID: 7088)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:23 10:06:45+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 253952
InitializedDataSize: 24854528
UninitializedDataSize: 25145344
EntryPoint: 0x1838e70
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 8.1.11.46
ProductVersionNumber: 8.1.11.46
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 8.1.11.46
ProductVersion: 8.1.11.46
ProductName: Driver Talent
FileDescription: Driver Talent Setup
CompanyName: OSToto Co., Ltd.
LegalCopyright: Copyright (C) 2008-2022 OSToto. All rights reserved.
Total processes: 206
Monitored processes: 80
Malicious processes: 3
Suspicious processes: 0


Process information

PID: 400
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2552 --field-trial-handle=2312,i,11307112802560533279,6266778810954962389,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 432
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffcf3aa5fd8,0x7ffcf3aa5fe4,0x7ffcf3aa5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 624
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5052 --field-trial-handle=2360,i,10454254369822711956,8185164477082334675,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1256
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffcf3aa5fd8,0x7ffcf3aa5fe4,0x7ffcf3aa5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5312 --field-trial-handle=2340,i,4375269813688836311,16338844197655567601,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1412
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Dtl7z.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4176 --field-trial-handle=2132,i,7520114469951572205,11404222505954844407,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5380 --field-trial-handle=2312,i,11307112802560533279,6266778810954962389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1604
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4484 --field-trial-handle=2340,i,4375269813688836311,16338844197655567601,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1676
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument http://www.ostoto.com/web/install/2548/1?v=8.1.11.46
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 53 196
Read events: 52 930
Write events: 253
Delete events: 13

Modification events

PID | Process | Key | Operation | Name | Value
6416 | DriverTalent_2548.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent | write | AppPath | C:\Program Files (x86)\OSTotoSoft\DriverTalent
6416 | DriverTalent_2548.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent | write | OemID | 0
6416 | DriverTalent_2548.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent | write | UnionId | 2548
6416 | DriverTalent_2548.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent | write | UserID | 
6416 | DriverTalent_2548.exe | HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent | write | AppPath | C:\Program Files (x86)\OSTotoSoft\DriverTalent
6416 | DriverTalent_2548.exe | HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent | write | OemID | 0
6416 | DriverTalent_2548.exe | HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent | write | UnionId | 2548
6416 | DriverTalent_2548.exe | HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent | write | UserID | 
6416 | DriverTalent_2548.exe | HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent | write | Version | 801110046
6416 | DriverTalent_2548.exe | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1 | write | DisplayIcon | C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
Executable files: 105
Suspicious files: 209
Text files: 260
Unknown types: 4

Dropped files

PID | Process | Filename | Type
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\activity\img\dt_cp2.png | image
MD5: 6F99942A876FAD64384119112F5040CF
SHA256: F344BAD6FCFADBDF9C5B0C98AB89210FEAF16DE009033B6F6221204A6396280C
6416 | DriverTalent_2548.exe | C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\substat.dll | executable
MD5: D3E2716621CD2946CACE33ABFD1F5202
SHA256: 5E4BCCA804B7A9AB66CD3C97024B9B729892BC024762DA38094B35FCD5DD0983
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\EnableFullLogging.reg | text
MD5: DB35C068B2490F8703E76CA57AE55895
SHA256: A04B7FC95D244E05E94E466D0F8E56202A87C007DA992F79D2E880DA1231549B
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\activity\img\luckday_left.png | image
MD5: 318DA61BD1E9ABFCD75536ED47FE86B5
SHA256: 7F3BAEF54D78F6308D5410825212093E6B95F754A536BF8ED102BA7372529267
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\log\dtldevapi.log | text
MD5: DA5E82667866F93C932678AA18EDDEB8
SHA256: 32ED3802E01DA181F5D4FDC3EEFDCEBA4A7B319588B40D1950CFD42E466E6520
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\gamelist.json | binary
MD5: AC2846EE788AEB1599923FC8AF9E2BA0
SHA256: 68A3EDE909FA079B06C7F1F74DBE340A38C3D2CD0E03B1C7F3246793CAE22DD1
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-1.png | image
MD5: 02CE35B17823DB091FFE73EC9C26D805
SHA256: EDDBA729589197BF83261E6EB4A682901E05254112693245BFDBCF714E3DDF13
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\CleanConfig.dat | binary
MD5: F0B35B88B65D285FDAD19DF2E2EBB6C4
SHA256: 6E1406A43C09895F75C854412D38BA93CD68E407DCDE970838BD1E3A9FA677BB
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\activity\img\dt_home.png | image
MD5: B0E2A7EEEC3E9881866673E080086642
SHA256: E8E6371DEAEF937D537F17EC2D300E192127A258D4484BAC5C48542C5D5FD097
6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-10.png | image
MD5: 1757FBB3BAC290DFD509BA39EA67F76A
SHA256: 512FC8B325D2EF2D687AC55049181E744C8A739CBCD99FB0C4F9C16B8AB7098B
HTTP(S) requests: 118
TCP/UDP connections: 143
DNS requests: 85
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5612 | RUXIMICS.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | US | binary | 1.01 Kb | unknown
5228 | svchost.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | US | binary | 1.01 Kb | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | US | binary | 1.01 Kb | unknown
5228 | svchost.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | FI | binary | 973 b | unknown
5612 | RUXIMICS.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | FI | binary | 973 b | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | FI | binary | 973 b | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | US | binary | 471 b | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAh8Ol49voaXsmoj7jArz5A%3D | US | binary | 727 b | unknown
 |  | GET |  | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl%20 | DE |  |  | unknown
7088 | DriverTalent.exe | POST | 200 | 43.152.26.197:80 | http://int.qudong.drivethelife.com/api/vinfo | DE | text | 576 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 |  |  |  | whitelisted
 |  | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5612 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5140 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5612 | RUXIMICS.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
4364 | svchost.exe | 239.255.255.250:1900 |  |  |  | unknown
5140 | MoUsoCoreWorker.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
5228 | svchost.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
5228 | svchost.exe | 184.85.144.229:80 | www.microsoft.com | AKAMAI-AS | FI | unknown
5612 | RUXIMICS.exe | 184.85.144.229:80 | www.microsoft.com | AKAMAI-AS | FI | unknown

DNS requests

Domain | IP | Reputation
crl.microsoft.com | 23.223.17.198, 23.223.17.208 | whitelisted
www.microsoft.com | 184.85.144.229, 88.221.169.152 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
crl3.digicert.com | 192.229.221.95 | whitelisted
dispatch.integrate.drivethelife.com | 209.58.131.173 | unknown
install.integrate.drivethelife.com | 209.58.131.173 | unknown
autoupdater.drivethelife.com | 52.53.192.135 | unknown
int.qudong.drivethelife.com | 43.152.26.197, 43.152.26.58, 43.152.26.151, 43.152.26.104, 43.152.26.142, 43.152.26.154, 43.152.26.221 | unknown
config.edge.skype.com | 13.107.42.16 | whitelisted

Threats

1 ETPRO signature available in the full report
Process | Message
DriverTalent_2548.exe | hwang InitCommandLineArgv parm=c:\users\admin\desktop\drivertalent_2548.exe
DriverTalent_2548.exe | hwang Create Directory C:\Users\admin\AppData\Local\Temp\Hot4330.tmp!
DriverTalent_2548.exe | hwang UnCompress EXT to C:\Users\admin\AppData\Local\Temp\Hot4330.tmp .
DriverTalent_2548.exe | hwang global_licence_url: http://www.drivethelife.com/EULA.html
DriverTalent_2548.exe | hwang UnCompress successful.
DriverTalent_2548.exe | hwang Create Directory C:\Program Files (x86)\OSTotoSoft\DriverTalent!
DriverTalent_2548.exe | hwang UnCompress DATA to C:\Program Files (x86)\OSTotoSoft\DriverTalent .
DriverTalent_2548.exe | hwang UnCompress successful.
DriverTalent_2548.exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\AdModule.dll to C:\Program Files (x86)\OSTotoSoft\DriverTalent failed!
DriverTalent_2548.exe | hwang SHFileOperation error code : 0x2