URL:

http://file.drivethelife.com/download/dtlabroad/7.1.27.76/DriverTalent_setup7.1.27.76.exe

Full analysis: https://app.any.run/tasks/930acbaa-44b0-4151-b305-b493583c2956
Verdict: Malicious activity
Threats:

Adware (the bundler detected in this run is InstallCore; see the Tags and the Threats table below). Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically reaches systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads such as pop-ups or banners. Some variants evade security tools and establish persistence, which makes removal difficult, and the extra components they drop widen the attack surface for other malware, so adware is a risk to both user privacy and system security.

Analysis date: July 02, 2019, 16:58:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan
adware
installcore
pup
loader
Indicators:
MD5:

084E543C84DF15A9989FD4A4A10582E7

SHA1:

2FF6F3FB7A6463904BF0A7B6C63AE03D8FBF287D

SHA256:

BA5AB9AD810A35F7C068EDEC127B7989804BB41E7165FB58B6300A5A1365FA52

SSDEEP:

3:N1KY0MRDExKL9lXfG6M590Q4LULvHN:CY0MhDO6pULF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • DriverTalent_setup7.1.27.76[1].exe (PID: 2164)
      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • avastfreeantivirussetuponline.m.exe (PID: 2424)
      • avast_free_antivirus_setup_online.exe (PID: 2792)
      • instup.exe (PID: 2880)
      • dtlupdate.exe (PID: 2776)
      • dtlupdate.exe (PID: 1016)
      • DriverTalent.exe (PID: 2420)
      • instup.exe (PID: 1708)
      • sbr.exe (PID: 3316)
      • SetupInf.exe (PID: 2524)
      • SetupInf.exe (PID: 1752)
      • SetupInf.exe (PID: 3512)
      • SetupInf.exe (PID: 2124)
      • CCUpdate.exe (PID: 2552)
      • AvEmUpdate.exe (PID: 3276)
      • AvEmUpdate.exe (PID: 3520)
      • AvEmUpdate.exe (PID: 3716)
      • AvEmUpdate.exe (PID: 1132)
      • CCUpdate.exe (PID: 2296)
      • CCUpdate.exe (PID: 3452)
      • CCUpdate.exe (PID: 2124)
      • avBugReport.exe (PID: 3600)
      • RegSvr.exe (PID: 408)
      • CCUpdate.exe (PID: 560)
      • AvastNM.exe (PID: 2928)
      • overseer.exe (PID: 1160)
      • wsc_proxy.exe (PID: 3256)
      • AvastSvc.exe (PID: 1812)
      • engsup.exe (PID: 1704)
      • aswEngSrv.exe (PID: 2440)
      • instup.exe (PID: 236)
      • engsup.exe (PID: 1712)
      • wsc_proxy.exe (PID: 1520)
      • instup.exe (PID: 3496)
      • RegSvr.exe (PID: 2876)
    • Changes settings of System certificates

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • DriverTalent.exe (PID: 2420)
      • AvastSvc.exe (PID: 1812)
    • Loads dropped or rewritten executable

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • svchost.exe (PID: 2452)
      • DriverTalent.exe (PID: 2420)
      • instup.exe (PID: 2880)
      • rundll32.exe (PID: 1208)
      • instup.exe (PID: 1708)
      • AvEmUpdate.exe (PID: 3716)
      • AvEmUpdate.exe (PID: 3276)
      • AvEmUpdate.exe (PID: 1132)
      • CCUpdate.exe (PID: 2124)
      • RegSvr.exe (PID: 408)
      • RegSvr.exe (PID: 2876)
      • engsup.exe (PID: 1712)
      • AvastSvc.exe (PID: 1812)
      • engsup.exe (PID: 1704)
      • aswEngSrv.exe (PID: 2440)
    • INSTALLCORE was detected

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Connects to CnC server

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Downloads executable files from the Internet

      • iexplore.exe (PID: 2548)
      • avastfreeantivirussetuponline.m.exe (PID: 2424)
      • AvEmUpdate.exe (PID: 3716)
      • CCUpdate.exe (PID: 2296)
    • Creates or modifies windows services

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Changes the autorun value in the registry

      • instup.exe (PID: 1708)
    • Loads the Task Scheduler COM API

      • AvEmUpdate.exe (PID: 3520)
      • AvEmUpdate.exe (PID: 3716)
      • CCUpdate.exe (PID: 2296)
      • CCUpdate.exe (PID: 560)
      • overseer.exe (PID: 1160)
    • Disables Windows Defender

      • wsc_proxy.exe (PID: 1520)
  • SUSPICIOUS

    • Adds / modifies Windows certificates

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • DriverTalent.exe (PID: 2420)
    • Reads the machine GUID from the registry

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Reads internet explorer settings

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • DriverTalent.exe (PID: 2420)
    • Reads CPU info

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Reads Environment values

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • AvastSvc.exe (PID: 1812)
    • Reads Windows Product ID

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Executable content was dropped or overwritten

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • cmd.exe (PID: 3348)
      • avast_free_antivirus_setup_online.exe (PID: 2792)
      • avastfreeantivirussetuponline.m.exe (PID: 2424)
      • instup.exe (PID: 2880)
      • instup.exe (PID: 1708)
      • AvEmUpdate.exe (PID: 3716)
      • AvEmUpdate.exe (PID: 1132)
      • CCUpdate.exe (PID: 3452)
      • CCUpdate.exe (PID: 2552)
      • CCUpdate.exe (PID: 2296)
      • AvastSvc.exe (PID: 1812)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 2748)
      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Starts CMD.EXE for self-deleting

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Low-level read access rights to disk partition

      • avastfreeantivirussetuponline.m.exe (PID: 2424)
      • avast_free_antivirus_setup_online.exe (PID: 2792)
      • instup.exe (PID: 2880)
      • DriverTalent.exe (PID: 2420)
      • instup.exe (PID: 1708)
      • AvEmUpdate.exe (PID: 3716)
      • AvEmUpdate.exe (PID: 3276)
      • AvEmUpdate.exe (PID: 1132)
      • CCUpdate.exe (PID: 2552)
      • CCUpdate.exe (PID: 3452)
      • CCUpdate.exe (PID: 2296)
      • CCUpdate.exe (PID: 2124)
      • CCUpdate.exe (PID: 560)
      • avBugReport.exe (PID: 3600)
      • overseer.exe (PID: 1160)
      • AvastSvc.exe (PID: 1812)
    • Searches for installed software

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • AvastSvc.exe (PID: 1812)
    • Creates files in the program directory

      • avast_free_antivirus_setup_online.exe (PID: 2792)
      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • instup.exe (PID: 2880)
      • dtlupdate.exe (PID: 1016)
      • svchost.exe (PID: 2452)
      • DriverTalent.exe (PID: 2420)
      • AvEmUpdate.exe (PID: 3520)
      • instup.exe (PID: 1708)
      • AvEmUpdate.exe (PID: 3716)
      • CCUpdate.exe (PID: 2552)
      • CCUpdate.exe (PID: 3452)
      • CCUpdate.exe (PID: 2296)
      • iexplore.exe (PID: 2144)
      • CCUpdate.exe (PID: 560)
      • avBugReport.exe (PID: 3600)
      • AvastNM.exe (PID: 2928)
      • wsc_proxy.exe (PID: 3256)
      • engsup.exe (PID: 1712)
      • AvastSvc.exe (PID: 1812)
      • engsup.exe (PID: 1704)
    • Application launched itself

      • cmd.exe (PID: 2748)
      • AvEmUpdate.exe (PID: 3716)
      • CCUpdate.exe (PID: 2296)
    • Creates files in the Windows directory

      • avastfreeantivirussetuponline.m.exe (PID: 2424)
      • avast_free_antivirus_setup_online.exe (PID: 2792)
      • instup.exe (PID: 2880)
      • DriverTalent.exe (PID: 2420)
      • instup.exe (PID: 1708)
      • AvastSvc.exe (PID: 1812)
    • Creates or modifies windows services

      • instup.exe (PID: 2880)
      • instup.exe (PID: 1708)
      • SetupInf.exe (PID: 3512)
      • SetupInf.exe (PID: 2524)
      • SetupInf.exe (PID: 1752)
      • SetupInf.exe (PID: 2124)
      • AvEmUpdate.exe (PID: 3520)
      • AvEmUpdate.exe (PID: 3716)
      • AvEmUpdate.exe (PID: 3276)
      • AvEmUpdate.exe (PID: 1132)
      • RegSvr.exe (PID: 2876)
      • RegSvr.exe (PID: 408)
      • avBugReport.exe (PID: 3600)
      • wsc_proxy.exe (PID: 3256)
      • AvastSvc.exe (PID: 1812)
      • wsc_proxy.exe (PID: 1520)
    • Removes files from Windows directory

      • instup.exe (PID: 2880)
      • instup.exe (PID: 1708)
      • avast_free_antivirus_setup_online.exe (PID: 2792)
    • Creates a software uninstall entry

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • instup.exe (PID: 1708)
      • AvEmUpdate.exe (PID: 1132)
    • Starts Internet Explorer

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
    • Creates files in the user directory

      • DriverTalent.exe (PID: 2420)
    • Starts itself from another location

      • instup.exe (PID: 2880)
      • CCUpdate.exe (PID: 3452)
    • Reads Internet Cache Settings

      • DriverTalent.exe (PID: 2420)
      • instup.exe (PID: 1708)
    • Changes IE settings (feature browser emulation)

      • DriverTalent.exe (PID: 2420)
    • Uses RUNDLL32.EXE to load library

      • DriverTalent.exe (PID: 2420)
    • Modifies the open verb of a shell class

      • DriverTalent.exe (PID: 2420)
      • instup.exe (PID: 1708)
    • Creates files in the driver directory

      • instup.exe (PID: 1708)
    • Creates COM task schedule object

      • instup.exe (PID: 1708)
      • RegSvr.exe (PID: 2876)
      • RegSvr.exe (PID: 408)
    • Executed as Windows Service

      • AvastSvc.exe (PID: 1812)
    • Reads the cookies of Google Chrome

      • engsup.exe (PID: 1704)
    • Reads the cookies of Mozilla Firefox

      • engsup.exe (PID: 1704)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 2548)
      • iexplore.exe (PID: 3660)
      • iexplore.exe (PID: 2144)
    • Creates files in the user directory

      • iexplore.exe (PID: 2548)
      • iexplore.exe (PID: 2144)
    • Changes internet zones settings

      • iexplore.exe (PID: 3660)
      • iexplore.exe (PID: 3040)
    • Application launched itself

      • iexplore.exe (PID: 3660)
      • iexplore.exe (PID: 3040)
    • Dropped object may contain Bitcoin addresses

      • DriverTalent_setup7.1.27.76[1].exe (PID: 456)
      • instup.exe (PID: 1708)
      • AvEmUpdate.exe (PID: 3716)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2144)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2144)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2144)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
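Several of the signals above (an executable launched from the Internet Explorer cache, cmd.exe started to delete the installer, rundll32.exe loading a DLL from the product directory) are the kind that can be checked in process-creation telemetry. The Python below is an added example and is not part of the ANY.RUN report: it runs three such checks over constructed events that mirror this report's process chain. The event field names, the rule names and the cmd.exe command line (a timeout-then-del idiom) are assumptions; only the rundll32.exe command line and the cache path are taken from the report.

```python
"""Process-creation triage for three behaviours flagged in this report.

Added example, not from the ANY.RUN report. Events are constructed to mirror
the report's process chain; field names, rule names and the cmd.exe command
line are assumptions.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the created process
    cmdline: str        # its command line
    parent_image: str   # full path of the parent process


# Directories where Internet Explorer stores downloaded content.
IE_CACHE_MARKERS = ("\\temporary internet files\\", "\\content.ie5\\", "\\inetcache\\")
# rundll32 <dll>,<export>: capture the DLL path, quoted or not.
_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,', re.IGNORECASE)
_DEL_RE = re.compile(r"\b(?:del|erase)\b", re.IGNORECASE)


def _name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def exe_from_ie_cache(ev: ProcEvent) -> bool:
    """An .exe executed straight out of the browser cache (report: PID 456)."""
    img = ev.image.lower()
    return img.endswith(".exe") and any(m in img for m in IE_CACHE_MARKERS)


def cmd_self_delete_parent(ev: ProcEvent) -> bool:
    """cmd.exe deleting its own parent's image (report: 'Starts CMD.EXE for self-deleting')."""
    if _name(ev.image) != "cmd.exe" or not _DEL_RE.search(ev.cmdline):
        return False
    return _name(ev.parent_image) in ev.cmdline.lower()


def rundll32_nonsystem_dll(ev: ProcEvent) -> bool:
    """rundll32.exe calling an export of a DLL outside the Windows directory (report: PID 1208)."""
    if _name(ev.image) != "rundll32.exe":
        return False
    m = _RUNDLL_RE.search(ev.cmdline)
    return bool(m) and "\\windows\\" not in m.group(1).lower()


RULES = {
    "exe-from-ie-cache": exe_from_ie_cache,
    "cmd-self-delete-parent": cmd_self_delete_parent,
    "rundll32-nonsystem-dll": rundll32_nonsystem_dll,
}


def triage(events):
    """Map pid -> list of rule names that fired; pids with no findings are omitted."""
    findings = {}
    for ev in events:
        hits = [name for name, rule in RULES.items() if rule(ev)]
        if hits:
            findings[ev.pid] = hits
    return findings


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CACHE_EXE = (r"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files"
             r"\Content.IE5\I0488CJO\DriverTalent_setup7.1.27.76[1].exe")

# Constructed sample events (not sandbox output). PIDs follow the report.
SAMPLE_EVENTS = [
    ProcEvent(2548, 3660, IE, "iexplore.exe SCODEF:3660", IE),
    ProcEvent(456, 3660, CACHE_EXE, f'"{CACHE_EXE}"', IE),
    # Assumed self-delete idiom; the report shows cmd.exe and timeout.exe but not their arguments.
    ProcEvent(2748, 456, r"C:\Windows\System32\cmd.exe",
              f'cmd.exe /c timeout /t 3 & del "{CACHE_EXE}"', CACHE_EXE),
    # Command line as recorded in the report for PID 1208.
    ProcEvent(1208, 2420, r"C:\Windows\system32\rundll32.exe",
              r'C:\Windows\system32\rundll32.exe "C:\Program Files\OSTotoSoft\DriverTalent\pcidetect.dll",HDRundllDetect',
              r"C:\Program Files\OSTotoSoft\DriverTalent\DriverTalent.exe"),
    ProcEvent(4000, 1000, r"C:\Windows\System32\notepad.exe", "notepad.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for pid, hits in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, ", ".join(hits))
```

The self-delete rule keys on the parent's image name appearing in a cmd.exe command line that contains del or erase, which is what the "Starts CMD.EXE for self-deleting" signal in the report describes; the rundll32 rule keys on the DLL path rather than the export name, because a product-directory DLL is the unusual part of PID 1208's command line, not HDRundllDetect.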
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
91
Monitored processes
47
Malicious processes
22
Suspicious processes
8

Behavior graph

Interactive graph (click a process in the full report for its details). Processes shown, in graph order: iexplore.exe, iexplore.exe, drivertalent_setup7.1.27.76[1].exe (no specs), drivertalent_setup7.1.27.76[1].exe (#INSTALLCORE), cmd.exe (no specs), timeout.exe (no specs), cmd.exe, cmd.exe (no specs), cmd.exe (no specs), avastfreeantivirussetuponline.m.exe, avast_free_antivirus_setup_online.exe, instup.exe, svchost.exe, dtlupdate.exe (no specs), dtlupdate.exe, drivertalent.exe, iexplore.exe, iexplore.exe, instup.exe, rundll32.exe (no specs), sbr.exe (no specs), setupinf.exe (no specs) x4, avemupdate.exe (no specs), avemupdate.exe x3, ccupdate.exe x5, avbugreport.exe, regsvr.exe (no specs) x2, avastnm.exe (no specs), overseer.exe, engsup.exe (no specs), wsc_proxy.exe (no specs), avastsvc.exe, engsup.exe (no specs), aswengsrv.exe (no specs), wsc_proxy.exe (no specs), instup.exe (no specs) x2.

Process information

Each entry lists PID, CMD, Path and Parent process, followed by User, Company, Integrity Level, Description, Exit code, Version and the first loaded modules (images).
PID: 236
CMD: "C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:check_for_updates /wait
Path: C:\Program Files\AVAST Software\Avast\setup\instup.exe
Parent process: AvastSvc.exe
User:
SYSTEM
Company:
AVAST Software
Integrity Level:
SYSTEM
Description:
Avast Antivirus Installer
Exit code:
0
Version:
19.6.4546.0
Modules
Images
c:\program files\avast software\avast\setup\instup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
PID: 408
CMD: "C:\Program Files\AVAST Software\Avast\RegSvr.exe" "C:\Program Files\AVAST Software\Avast\aswAMSI.dll"
Path: C:\Program Files\AVAST Software\Avast\RegSvr.exe
Parent process: instup.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus Installer
Exit code:
0
Version:
19.6.4546.0
Modules
Images
c:\program files\avast software\avast\regsvr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 456
CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\DriverTalent_setup7.1.27.76[1].exe"
Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\DriverTalent_setup7.1.27.76[1].exe
Parent process: iexplore.exe
User:
admin
Company:
OSToto Co., Ltd.
Integrity Level:
HIGH
Description:
Driver Talent Setup
Exit code:
1
Version:
7.1.27.76
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\drivertalent_setup7.1.27.76[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 560
CMD: dummy /emupdater
Path: C:\Program Files\CCleaner\CCUpdate.exe
Parent process: CCUpdate.exe
User:
admin
Company:
Piriform Software Ltd
Integrity Level:
HIGH
Description:
CCleaner emergency updater
Exit code:
0
Version:
19.2.566.0
Modules
Images
c:\program files\ccleaner\ccupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1016
CMD: "c:\program files\ostotosoft\drivertalent\AppUpdate\dtlupdate.exe" 16942080
Path: c:\program files\ostotosoft\drivertalent\AppUpdate\dtlupdate.exe
Parent process: svchost.exe
User:
admin
Integrity Level:
HIGH
Description:
dtlupdate
Exit code:
0
Version:
3, 0, 2, 52
Modules
Images
c:\program files\ostotosoft\drivertalent\appupdate\dtlupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 1132
CMD: AvEmUpdate.exe /installer1 /emupdater /applydll "C:\Program Files\AVAST Software\Avast\Setup\4c6c647c-a171-499a-b9ba-6d8f5d56a47b.dll"
Path: C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Parent process: AvEmUpdate.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Emergency Update
Exit code:
0
Version:
19.6.4546.0
Modules
Images
c:\program files\avast software\avast\avemupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
PID: 1160
CMD: "C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe" /skip_update /skip_uptime /skip_remediations
Path: C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Parent process: instup.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Overseer
Exit code:
0
Version:
1.0.369.0
Modules
Images
c:\program files\common files\avast software\overseer\overseer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1208
CMD: C:\Windows\system32\rundll32.exe "C:\Program Files\OSTotoSoft\DriverTalent\pcidetect.dll",HDRundllDetect
Path: C:\Windows\system32\rundll32.exe
Parent process: DriverTalent.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 1520
CMD: "C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /av_as /signatures:up_to_date /state:on /svc /update
Path: C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
Parent process: AvastSvc.exe
User:
SYSTEM
Company:
AVAST Software
Integrity Level:
SYSTEM
Description:
Avast remediation exe
Exit code:
0
Version:
19.6.4546.0
Modules
Images
c:\program files\avast software\avast\wsc_proxy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\avast software\avast\wsc.dll5892b0630520.tmp
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
PID: 1704
CMD: "C:\Program Files\AVAST Software\Avast\defs\19070199\engsup.exe" /get_download_cookie /get_latest_ga_client_id /get_latest_gclid
Path: C:\Program Files\AVAST Software\Avast\defs\19070199\engsup.exe
Parent process: instup.exe
User:
admin
Company:
AVAST Software
Integrity Level:
HIGH
Description:
Avast Antivirus vps tool
Exit code:
2
Version:
18.0.583.0
Modules
Images
c:\program files\avast software\avast\defs\19070199\engsup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events
8 564
Read events
3 698
Write events
4 854
Delete events
12

Modification events

PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 0
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 1
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | Operation: write | Name: SecuritySafe | Value: 1
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Operation: write | Name: SavedLegacySettings | Value: 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
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active | Operation: write | Name: {A79B33BF-9CEA-11E9-A09E-5254004A04AF} | Value: 0
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Operation: write | Name: Type | Value: 4
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Operation: write | Name: Count | Value: 1
PID 3660 iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore | Operation: write | Name: Time | Value: E30707000200020010003A002F008D01
Executable files
553
Suspicious files
240
Text files
421
Unknown types
60

Dropped files

PID | Process | Filename | Type (the MD5 and SHA256 columns are empty in this excerpt)
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico |
3660 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico |
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF49E6A9AC6F402AE5.TMP |
2548 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C43GW8TJ\DriverTalent_setup7.1.27.76[1].exe |
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\DriverTalent_setup7.1.27.76[1].exe |
3660 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A79B33C0-9CEA-11E9-A09E-5254004A04AF}.dat | binary
2548 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat | dat
2548 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019070220190703\index.dat | dat
456 | DriverTalent_setup7.1.27.76[1].exe | C:\Users\admin\AppData\Local\Temp\Hot6B55.tmp\instlan\English.ini | text
456 | DriverTalent_setup7.1.27.76[1].exe | C:\Users\admin\AppData\Local\Temp\Hot6B55.tmp\instlan\French.ini | text
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
189
TCP/UDP connections
195
DNS requests
177
Threats
31

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
456 | DriverTalent_setup7.1.27.76[1].exe | GET | 200 | 54.194.149.175:80 | http://rp.bestupdatemeta.com/ | IE | | | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | HEAD | 200 | 185.59.222.146:80 | http://cdneu.bestupdatemeta.com/ofr/Niniwic/YL/Niniwic_Tefenece_12Apr16 | NL | | | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | HEAD | 200 | 185.59.222.146:80 | http://cdneu.bestupdatemeta.com/ofr/Solululadul/icut_v2_2.cis | NL | | | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | POST | 200 | 52.50.98.206:80 | http://os.bestupdatemeta.com/FusionOSToto_New/ | IE | binary | 344 Kb | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | POST | 200 | 54.194.149.175:80 | http://rp.bestupdatemeta.com/ | IE | | | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | GET | 200 | 146.185.27.53:80 | http://img.bestupdatemeta.com/img/Tavasat/15Feb17/v2_fs/EN.jpg | GB | image | 23.4 Kb | malicious
2548 | iexplore.exe | GET | 200 | 209.58.131.165:80 | http://file.drivethelife.com/download/dtlabroad/7.1.27.76/DriverTalent_setup7.1.27.76.exe | US | executable | 41.6 Mb | whitelisted
456 | DriverTalent_setup7.1.27.76[1].exe | GET | 200 | 146.185.27.53:80 | http://img.bestupdatemeta.com/img/Tefenece/Tefenece_logo_black.png | GB | image | 1.82 Kb | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | GET | 200 | 146.185.27.53:80 | http://img.bestupdatemeta.com/img/Jimomoromoj/Jimomoromoj_logo_dark_bg.png | GB | image | 4.00 Kb | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | POST | 200 | 54.194.149.175:80 | http://rp.bestupdatemeta.com/ | IE | | | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3660 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
2548 | iexplore.exe | 209.58.131.165:80 | file.drivethelife.com | Leaseweb USA, Inc. | US | suspicious
456 | DriverTalent_setup7.1.27.76[1].exe | 54.194.149.175:80 | rp.bestupdatemeta.com | Amazon.com, Inc. | IE | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | 209.58.131.173:3800 | dispatch.integrate.drivethelife.com | Leaseweb USA, Inc. | US | unknown
456 | DriverTalent_setup7.1.27.76[1].exe | 52.50.98.206:80 | os.bestupdatemeta.com | Amazon.com, Inc. | IE | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | 146.185.27.53:80 | img.bestupdatemeta.com | UK-2 Limited | GB | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | 185.59.222.146:80 | cdneu.bestupdatemeta.com | Datacamp Limited | NL | malicious
456 | DriverTalent_setup7.1.27.76[1].exe | 192.96.201.161:80 | cdnus.bestupdatemeta.com | Leaseweb USA, Inc. | US | malicious
2792 | avast_free_antivirus_setup_online.exe | 172.217.16.142:80 | www.google-analytics.com | Google Inc. | US | whitelisted
2792 | avast_free_antivirus_setup_online.exe | 5.62.40.203:80 | v7event.stats.avast.com | AVAST Software s.r.o. | DE | unknown

DNS requests

Domain
IP
Reputation
file.drivethelife.com
  • 209.58.131.165
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
rp.bestupdatemeta.com
  • 54.194.149.175
  • 52.214.73.247
malicious
dispatch.integrate.drivethelife.com
  • 209.58.131.173
unknown
os.bestupdatemeta.com
  • 52.50.98.206
  • 52.31.245.195
  • 52.51.129.59
malicious
img.bestupdatemeta.com
  • 146.185.27.53
malicious
cdneu.bestupdatemeta.com
  • 185.59.222.146
malicious
cdnus.bestupdatemeta.com
  • 192.96.201.161
malicious
behaviorgather.integrate.drivethelife.com
  • 209.58.131.173
malicious
iavs9x.u.avast.com
  • 2.16.186.104
  • 2.16.186.50
whitelisted
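The practical use of the HTTP, connection and DNS data above is to look for the same hosts in an organisation's DNS and proxy logs. The Python below is an added example and is not part of the ANY.RUN report: the domain and IP sets are copied from the HTTP requests, Connections and DNS sections of this report, while the log lines and their tab-separated layout are constructed for illustration. Treating bestupdatemeta.com and integrate.drivethelife.com as zones, so that hosts not seen in this run still match, is my choice; file.drivethelife.com is kept as a separate informational class because the report whitelists it even though it served the installer.

```python
"""Match DNS and proxy log lines against this report's network indicators.

Added example, not from the ANY.RUN report. Indicator values come from the
report; the log lines and their format are constructed assumptions.
"""
import ipaddress
from urllib.parse import urlsplit

# Hosts the report marks malicious (exact matches).
MALICIOUS_DOMAINS = {
    "rp.bestupdatemeta.com",
    "os.bestupdatemeta.com",
    "img.bestupdatemeta.com",
    "cdneu.bestupdatemeta.com",
    "cdnus.bestupdatemeta.com",
    "behaviorgather.integrate.drivethelife.com",
}
# Zones matched by suffix: five report hosts share bestupdatemeta.com, and
# dispatch./behaviorgather.integrate.drivethelife.com share one parent.
SUSPICIOUS_ZONES = {"bestupdatemeta.com", "integrate.drivethelife.com"}
# Whitelisted by the report, but it served the 41.6 Mb installer: informational.
DOWNLOAD_SOURCES = {"file.drivethelife.com"}
# Resolved addresses of the malicious hosts, plus the integrate.* host seen on :3800.
MALICIOUS_IPS = {
    "54.194.149.175", "52.214.73.247",                  # rp.bestupdatemeta.com
    "52.50.98.206", "52.31.245.195", "52.51.129.59",    # os.bestupdatemeta.com
    "146.185.27.53",                                    # img.bestupdatemeta.com
    "185.59.222.146",                                   # cdneu.bestupdatemeta.com
    "192.96.201.161",                                   # cdnus.bestupdatemeta.com
    "209.58.131.173",                                   # *.integrate.drivethelife.com
}


def _norm(host: str) -> str:
    return host.strip().rstrip(".").lower()


def classify_host(host: str):
    """Return the indicator class for a hostname or IP literal, or None."""
    h = _norm(host)
    try:
        ipaddress.ip_address(h)
    except ValueError:
        pass
    else:
        return "malicious-ip" if h in MALICIOUS_IPS else None
    if h in MALICIOUS_DOMAINS:
        return "malicious-domain"
    if h in DOWNLOAD_SOURCES:
        return "download-source"
    # Suffix match on a label boundary, so "evilbestupdatemeta.com" does not match.
    if any(h == z or h.endswith("." + z) for z in SUSPICIOUS_ZONES):
        return "malicious-zone"
    return None


def scan_dns(lines):
    """Lines: '<ts>\\t<client>\\t<qtype>\\t<qname>' (assumed layout). Returns (line_no, host, class)."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 4:
            continue
        kind = classify_host(parts[3])
        if kind:
            hits.append((n, _norm(parts[3]), kind))
    return hits


def scan_proxy(lines):
    """Lines: '<ts>\\t<client>\\t<method>\\t<url>\\t<status>' (assumed layout)."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 5:
            continue
        host = urlsplit(parts[3]).hostname or ""
        kind = classify_host(host)
        if kind:
            hits.append((n, host, kind))
    return hits


# Constructed sample log lines (not from the report's PCAP).
SAMPLE_DNS = [
    "2019-07-02T16:58:40Z\t10.0.0.5\tA\tfile.drivethelife.com",
    "2019-07-02T16:59:01Z\t10.0.0.5\tA\trp.bestupdatemeta.com",
    "2019-07-02T16:59:02Z\t10.0.0.5\tA\tcdn7.bestupdatemeta.com",   # unseen host, same zone
    "2019-07-02T16:59:05Z\t10.0.0.5\tA\twww.bing.com",
]
SAMPLE_PROXY = [
    "2019-07-02T16:59:03Z\t10.0.0.5\tPOST\thttp://os.bestupdatemeta.com/FusionOSToto_New/\t200",
    "2019-07-02T16:59:04Z\t10.0.0.5\tGET\thttp://146.185.27.53:80/img/Tavasat/15Feb17/v2_fs/EN.jpg\t200",
    "2019-07-02T16:59:06Z\t10.0.0.5\tGET\thttp://www.google-analytics.com/collect\t200",
]

if __name__ == "__main__":
    for hit in scan_dns(SAMPLE_DNS) + scan_proxy(SAMPLE_PROXY):
        print(*hit)
```

The proxy scanner matches on the URL host rather than the whole URL because the report's InstallCore traffic varies in path (/ofr/..., /FusionOSToto_New/, /img/...) but not in host; IP literals in URLs are resolved through the same classifier so a direct-to-IP fetch of the image CDN is still caught.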

Threats

PID | Process | Class | Message
2548 | iexplore.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
456 | DriverTalent_setup7.1.27.76[1].exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2
456 | DriverTalent_setup7.1.27.76[1].exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1
456 | DriverTalent_setup7.1.27.76[1].exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M3
456 | DriverTalent_setup7.1.27.76[1].exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M4
2424 | avastfreeantivirussetuponline.m.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3716 | AvEmUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2296 | CCUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
23 ETPRO signatures available at the full report
Process | Message
DriverTalent_setup7.1.27.76[1].exe | hwang InitCommandLineArgv parm=c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0488cjo\drivertalent_setup7.1.27.76[1].exe
DriverTalent_setup7.1.27.76[1].exe | hwang global_licence_url: http://www.drivethelife.com/EULA.html
DriverTalent_setup7.1.27.76[1].exe | hwang Create Directory C:\Users\admin\AppData\Local\Temp\Hot6B55.tmp!
DriverTalent_setup7.1.27.76[1].exe | hwang UnCompress EXT to C:\Users\admin\AppData\Local\Temp\Hot6B55.tmp .
DriverTalent_setup7.1.27.76[1].exe | hwang UnCompress successful.
DriverTalent_setup7.1.27.76[1].exe | hwang Create Directory C:\Program Files\OSTotoSoft\DriverTalent!
DriverTalent_setup7.1.27.76[1].exe | hwang UnCompress DATA to C:\Program Files\OSTotoSoft\DriverTalent .
DriverTalent_setup7.1.27.76[1].exe | hwang UnCompress successful.
DriverTalent_setup7.1.27.76[1].exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot6B55.tmp\DTInstUI.dll to C:\Program Files\OSTotoSoft\DriverTalent !
DriverTalent_setup7.1.27.76[1].exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot6B55.tmp\AdModule.dll to C:\Program Files\OSTotoSoft\DriverTalent !