File name:

DriverBoosterPortable.exe

Full analysis: https://app.any.run/tasks/98ede26f-6e08-4f1e-ab84-6dba9e70d4f9
Verdict: Malicious activity
Analysis date: April 01, 2025, 00:57:15
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
delphi
arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

5ECD4B581CF0F6872FFF5E57B04482E8

SHA1:

1188273E4ABB1BC53FC292ED27FCAB52D271F22A

SHA256:

C81A94076FF7ABC916BADAB4BF4F82D3694E1F08356E90A3855FE6CF855BC3FD

SSDEEP:

3072:pRoaTrPnND01bSNzVJ6FTVJ9Me/UZkuKzgW6mFhsKHIVyTGG4:p2aTr1DobSNzVJ6FTVJ6PZ+cmFr+D

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Runs injected code in another process

      • ICONPIN64.exe (PID: 7176)
    • Application was injected by another process

      • explorer.exe (PID: 5492)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • explorer.exe (PID: 5492)
      • DriverBooster.exe (PID: 7620)
      • IEDSetup.tmp (PID: 7928)
    • Starts POWERSHELL.EXE for commands execution

      • explorer.exe (PID: 5492)
    • SMB connection has been detected (probably for file transfer)

      • explorer.exe (PID: 5492)
    • Executable content was dropped or overwritten

      • driver_booster_setup.exe (PID: 8176)
      • driver_booster_setup.exe (PID: 6676)
      • driver_booster_setup.tmp (PID: 7328)
      • driver_booster_setup.exe (PID: 7448)
      • driver_booster_setup.tmp (PID: 5324)
      • HWiNFO.exe (PID: 6640)
      • IEDSetup.exe (PID: 8064)
      • IEDSetup.tmp (PID: 7928)
      • HVCIFix.exe (PID: 3300)
    • Reads security settings of Internet Explorer

      • driver_booster_setup.tmp (PID: 3968)
      • driver_booster_setup.tmp (PID: 7328)
      • driver_booster_setup.tmp (PID: 5324)
      • AutoUpdate.exe (PID: 5736)
      • setup.exe (PID: 7536)
      • DriverBooster.exe (PID: 7620)
      • DriverBooster.exe (PID: 6960)
      • IObitDownloader.exe (PID: 7240)
      • AutoUpdate.exe (PID: 1748)
      • IEDSetup.tmp (PID: 7928)
      • DismHost.exe (PID: 3192)
      • ProductStat3.exe (PID: 4380)
    • Reads the Windows owner or organization settings

      • driver_booster_setup.tmp (PID: 7328)
      • driver_booster_setup.tmp (PID: 5324)
      • IEDSetup.tmp (PID: 7928)
    • Process drops legitimate windows executable

      • driver_booster_setup.tmp (PID: 5324)
      • HVCIFix.exe (PID: 3300)
    • Process drops SQLite DLL files

      • driver_booster_setup.tmp (PID: 5324)
    • Drops 7-zip archiver for unpacking

      • driver_booster_setup.tmp (PID: 5324)
    • Drops a system driver (possible attempt to evade defenses)

      • HWiNFO.exe (PID: 6640)
    • Searches for installed software

      • setup.exe (PID: 7536)
      • InstStat.exe (PID: 7656)
      • IObitDownloader.exe (PID: 7240)
      • DriverBooster.exe (PID: 6960)
    • The process executes via Task Scheduler

      • DriverBooster.exe (PID: 6960)
    • Adds/modifies Windows certificates

      • DriverBooster.exe (PID: 6960)
    • Stops a currently running service

      • sc.exe (PID: 7508)
    • Checks for Java to be installed

      • DriverBooster.exe (PID: 6960)
    • The process creates files with name similar to system file names

      • HVCIFix.exe (PID: 3300)
    • Detected use of alternative data streams (AltDS)

      • HVCIFix.exe (PID: 3300)
    • Starts a Microsoft application from unusual location

      • DismHost.exe (PID: 3192)
    • Application launched itself

      • ProductStat3.exe (PID: 4380)
  • INFO

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 5492)
    • Reads the computer name

      • DriverBoosterPortable.exe (PID: 1116)
      • DriverBoosterPortable.exe (PID: 4244)
      • identity_helper.exe (PID: 5136)
      • driver_booster_setup.tmp (PID: 3968)
      • driver_booster_setup.tmp (PID: 7328)
      • setup.exe (PID: 7536)
      • driver_booster_setup.tmp (PID: 5324)
      • HWiNFO.exe (PID: 6640)
      • SetupHlp.exe (PID: 4300)
      • AutoUpdate.exe (PID: 5736)
      • SetupHlp.exe (PID: 1660)
      • InstStat.exe (PID: 7656)
      • IObitDownloader.exe (PID: 7240)
      • DriverBooster.exe (PID: 7620)
      • DriverBooster.exe (PID: 6960)
      • identity_helper.exe (PID: 4784)
      • ProductStat3.exe (PID: 7376)
      • NoteIcon.exe (PID: 8116)
      • AutoUpdate.exe (PID: 1748)
      • ProductStat3.exe (PID: 1812)
      • asrft.exe (PID: 896)
      • ScanWinUpd.exe (PID: 8036)
      • SetupHlp.exe (PID: 7836)
      • AUpdate.exe (PID: 7968)
      • IEDSetup.tmp (PID: 7928)
      • ProductStat3.exe (PID: 4424)
      • DBDownloader.exe (PID: 1180)
      • IEDInit.exe (PID: 7332)
      • DismHost.exe (PID: 3192)
      • HVCIFix.exe (PID: 3300)
      • DBDownloader.exe (PID: 7820)
      • ProductStat3.exe (PID: 7960)
      • ProductStat3.exe (PID: 4380)
      • ScanWinUpd.exe (PID: 7580)
    • Checks supported languages

      • DriverBoosterPortable.exe (PID: 1116)
      • DriverBoosterPortable.exe (PID: 4244)
      • identity_helper.exe (PID: 5136)
      • driver_booster_setup.exe (PID: 8176)
      • driver_booster_setup.tmp (PID: 3968)
      • driver_booster_setup.exe (PID: 6676)
      • driver_booster_setup.tmp (PID: 7328)
      • setup.exe (PID: 7536)
      • driver_booster_setup.exe (PID: 7448)
      • driver_booster_setup.tmp (PID: 5324)
      • HWiNFO.exe (PID: 6640)
      • SetupHlp.exe (PID: 4300)
      • RttHlp.exe (PID: 5720)
      • AutoUpdate.exe (PID: 5736)
      • ICONPIN64.exe (PID: 7176)
      • InstStat.exe (PID: 7656)
      • rma.exe (PID: 4784)
      • IObitDownloader.exe (PID: 7240)
      • SetupHlp.exe (PID: 1660)
      • DriverBooster.exe (PID: 6960)
      • Manta.exe (PID: 7708)
      • DriverBooster.exe (PID: 7620)
      • identity_helper.exe (PID: 4784)
      • AutoUpdate.exe (PID: 1748)
      • asrft.exe (PID: 896)
      • ProductStat3.exe (PID: 1812)
      • NoteIcon.exe (PID: 8116)
      • Manta.exe (PID: 8144)
      • RttHlp.exe (PID: 8124)
      • ProductStat3.exe (PID: 7376)
      • ScanWinUpd.exe (PID: 8036)
      • IEDSetup.exe (PID: 8064)
      • SetupHlp.exe (PID: 7836)
      • AUpdate.exe (PID: 7968)
      • IEDSetup.tmp (PID: 7928)
      • RttHlp.exe (PID: 4348)
      • HVCIFix.exe (PID: 3300)
      • x64Proxy.exe (PID: 7872)
      • Manta.exe (PID: 7816)
      • rma.exe (PID: 5528)
      • ProductStat3.exe (PID: 4424)
      • IEDInit.exe (PID: 7332)
      • DismHost.exe (PID: 3192)
      • DBDownloader.exe (PID: 1180)
      • Manta.exe (PID: 5960)
      • DBDownloader.exe (PID: 7820)
      • ScanWinUpd.exe (PID: 7580)
      • ProductStat3.exe (PID: 7960)
      • Manta.exe (PID: 4180)
      • ProductStat3.exe (PID: 4380)
      • ProductStat3.exe (PID: 896)
    • Creates files in a temporary directory

      • DriverBoosterPortable.exe (PID: 1116)
      • DriverBoosterPortable.exe (PID: 4244)
      • driver_booster_setup.exe (PID: 8176)
      • driver_booster_setup.tmp (PID: 7328)
      • setup.exe (PID: 7536)
      • driver_booster_setup.exe (PID: 7448)
      • driver_booster_setup.exe (PID: 6676)
      • driver_booster_setup.tmp (PID: 5324)
      • HWiNFO.exe (PID: 6640)
      • ICONPIN64.exe (PID: 7176)
      • explorer.exe (PID: 5492)
      • IEDSetup.exe (PID: 8064)
      • IEDSetup.tmp (PID: 7928)
      • HVCIFix.exe (PID: 3300)
    • Manual execution by a user

      • cmd.exe (PID: 6988)
      • powershell.exe (PID: 920)
      • DriverBoosterPortable.exe (PID: 4244)
      • DriverBoosterPortable.exe (PID: 6436)
      • firefox.exe (PID: 1120)
      • msedge.exe (PID: 7812)
      • DriverBooster.exe (PID: 7620)
    • Checks current location (POWERSHELL)

      • powershell.exe (PID: 920)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 920)
    • Reads the software policy settings

      • slui.exe (PID: 896)
      • slui.exe (PID: 1132)
      • DriverBooster.exe (PID: 6960)
      • DismHost.exe (PID: 3192)
    • Checks proxy server information

      • slui.exe (PID: 1132)
    • Application launched itself

      • firefox.exe (PID: 4024)
      • msedge.exe (PID: 7812)
      • firefox.exe (PID: 1120)
      • msedge.exe (PID: 7248)
    • Reads Environment values

      • identity_helper.exe (PID: 5136)
      • identity_helper.exe (PID: 4784)
      • DismHost.exe (PID: 3192)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 8040)
      • msedge.exe (PID: 7812)
    • Autorun file from Downloads

      • msedge.exe (PID: 5640)
      • msedge.exe (PID: 7812)
    • Process checks computer location settings

      • driver_booster_setup.tmp (PID: 3968)
      • driver_booster_setup.tmp (PID: 7328)
      • driver_booster_setup.tmp (PID: 5324)
      • AutoUpdate.exe (PID: 5736)
      • setup.exe (PID: 7536)
      • DriverBooster.exe (PID: 7620)
      • DriverBooster.exe (PID: 6960)
      • IObitDownloader.exe (PID: 7240)
      • AutoUpdate.exe (PID: 1748)
      • IEDSetup.tmp (PID: 7928)
      • ProductStat3.exe (PID: 4380)
    • The sample compiled with English language support

      • driver_booster_setup.tmp (PID: 7328)
      • driver_booster_setup.tmp (PID: 5324)
      • HWiNFO.exe (PID: 6640)
      • HVCIFix.exe (PID: 3300)
      • IEDSetup.tmp (PID: 7928)
    • Creates files in the program directory

      • setup.exe (PID: 7536)
      • driver_booster_setup.tmp (PID: 5324)
      • RttHlp.exe (PID: 5720)
      • SetupHlp.exe (PID: 4300)
      • AutoUpdate.exe (PID: 5736)
      • InstStat.exe (PID: 7656)
      • IObitDownloader.exe (PID: 7240)
      • DriverBooster.exe (PID: 6960)
      • AutoUpdate.exe (PID: 1748)
      • ProductStat3.exe (PID: 7376)
      • HVCIFix.exe (PID: 3300)
      • IEDSetup.tmp (PID: 7928)
      • DBDownloader.exe (PID: 1180)
    • Reads the machine GUID from the registry

      • setup.exe (PID: 7536)
      • AutoUpdate.exe (PID: 5736)
      • ICONPIN64.exe (PID: 7176)
      • InstStat.exe (PID: 7656)
      • IObitDownloader.exe (PID: 7240)
      • DriverBooster.exe (PID: 6960)
      • AutoUpdate.exe (PID: 1748)
      • asrft.exe (PID: 896)
      • ScanWinUpd.exe (PID: 8036)
      • AUpdate.exe (PID: 7968)
      • DBDownloader.exe (PID: 1180)
      • ProductStat3.exe (PID: 7960)
      • DismHost.exe (PID: 3192)
      • ScanWinUpd.exe (PID: 7580)
    • Creates files or folders in the user directory

      • setup.exe (PID: 7536)
      • explorer.exe (PID: 5492)
      • AutoUpdate.exe (PID: 5736)
      • InstStat.exe (PID: 7656)
      • DriverBooster.exe (PID: 6960)
      • AUpdate.exe (PID: 7968)
      • HVCIFix.exe (PID: 3300)
    • Compiled with Borland Delphi (YARA)

      • setup.exe (PID: 7536)
    • The sample compiled with Arabic language support

      • driver_booster_setup.tmp (PID: 5324)
    • Creates a software uninstall entry

      • driver_booster_setup.tmp (PID: 5324)
    • Reads CPU info

      • DriverBooster.exe (PID: 6960)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:02:24 19:19:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 10
CodeSize: 28672
InitializedDataSize: 430080
UninitializedDataSize: 16896
EntryPoint: 0x39e3
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.2.1.1
ProductVersionNumber: 2.2.1.1
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Windows, Turkish
Comments: A build of the Launcher for Driver Booster Portable, allowing it to be run from a removable drive.
CompanyName: LRepacks / FoxxApp
FileDescription: Driver Booster Portable Launcher
FileVersion: 2.2.1.1
InternalName: PortableApp Launcher
LegalCopyright: Copyright (C) 2021 IObit. All rights reserved.
LegalTrademarks: IObit
OriginalFileName: DriverBoosterPortable.exe
ProductName: IObit Driver Booster
ProductVersion: 2.2.1.1
No data.
All screenshots are available in the full report
Total processes
294
Monitored processes
151
Malicious processes
9
Suspicious processes
2

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID: 132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5004 --field-trial-handle=2400,i,47388603711495752,16944585952799874530,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 300
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240213221259 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 31031 -prefMapSize 244583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0873d40-976e-4c8c-be4f-20543e0492d3} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" 297978ef110 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140_1.dll
PID: 300
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6544 --field-trial-handle=2460,i,16376313113358102899,11587155894795634283,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 540
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2028 --field-trial-handle=2460,i,16376313113358102899,11587155894795634283,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 672
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5800 --field-trial-handle=2460,i,16376313113358102899,11587155894795634283,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 896
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 896
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5216 -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 31251 -prefMapSize 244583 -jsInitHandle 1512 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78dd7725-fb1c-41b6-89dd-6649c05bf06e} 4024 "\\.\pipe\gecko-crash-server-pipe.4024" 297a2b784d0 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
PID: 896
CMD: "C:\Program Files (x86)\IObit\Driver Booster\12.3.0\asrft.exe" /infostat /app=db
Path: C:\Program Files (x86)\IObit\Driver Booster\12.3.0\asrft.exe
Parent process: DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit asrft
Exit code:
0
Version:
17.0.0.70
Modules
Images
c:\program files (x86)\iobit\driver booster\12.3.0\asrft.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 896
CMD: "C:\Program Files (x86)\IObit\Driver Booster\12.3.0\ProductStat3.exe" /postspcache "C:\ProgramData\ProductData3\StatSpCache.dat"
Path: C:\Program Files (x86)\IObit\Driver Booster\12.3.0\ProductStat3.exe
Parent process: ProductStat3.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit stat Component
Exit code:
0
Version:
3.0.0.6462
Modules
Images
c:\program files (x86)\iobit\driver booster\12.3.0\productstat3.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\oleaut32.dll
c:\windows\syswow64\msvcp_win.dll
PID: 904
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3496 --field-trial-handle=2460,i,16376313113358102899,11587155894795634283,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
70 651
Read events
70 337
Write events
276
Delete events
38

Modification events

(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation: write
Name: CheckSetting
Value:
23004100430042006C006F00620000000000000000000000010000000000000000000000
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:000000000004026A
Operation: write
Name: VirtualDesktop
Value:
1000000030304456BFA0DB55E4278845B426357D5B5F97B3
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
Operation: write
Name: IconLayouts
Value:
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Bags\1\Desktop
Operation: write
Name: IconNameVersion
Value:
1
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts
Operation: write
Name: LastUpdate
Value:
F139EB6700000000
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
Operation: write
Name: TraySearchBoxVisible
Value:
1
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search
Operation: write
Name: TraySearchBoxVisibleOnAnyMonitor
Value:
1
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\TrayButtonClicked
Operation: write
Name: StartButton
Value:
149
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:00000000000A02E8
Operation: write
Name: VirtualDesktop
Value:
1000000030304456BFA0DB55E4278845B426357D5B5F97B3
(PID) Process: (5492) explorer.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\5\ApplicationViewManagement\W32:00000000000A02E8
Operation: delete key
Name: (default)
Value:
Executable files
328
Suspicious files
1 038
Text files
515
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 4024
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
PID: 5492
Process: explorer.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
Type: binary
MD5: E49C56350AEDF784BFE00E444B879672
SHA256: A8BD235303668981563DFB5AAE338CB802817C4060E2C199B7C84901D57B7E1E
PID: 920
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_bm55wok5.f4w.ps1
Type: text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 920
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms~RF118087.TMP
Type: binary
MD5: D040F64E9E7A2BB91ABCA5613424598E
SHA256: D04E0A6940609BD6F3B561B0F6027F5CA4E8C5CF0FB0D0874B380A0374A8D670
PID: 920
Process: powershell.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
Type: text
MD5: 759C841FBE94842730C8523474E9A3A0
SHA256: 331A941ED1307FA398874E0BA91D35C39CB1636325BB5F425EC33ECE9AC920B1
PID: 920
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_hgrnmm33.xa2.ps1
Type: text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 920
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_aufohma3.vie.psm1
Type: text
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 920
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
Type: binary
MD5: 3F95A05381C6D14195F6A1538F5FBADE
SHA256: 0E753E9AD3EDE811C17D076B462F85321B8F559C2E462AF0990A1653573A525F
PID: 4024
Process: firefox.exe
Filename: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shm
Type: binary
MD5: B7C14EC6110FA820CA6B65F5AEC85911
SHA256: FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
PID: 4024
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin
Type: binary
MD5: 297E88D7CEB26E549254EC875649F4EB
SHA256: 8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
63
TCP/UDP connections
388
DNS requests
372
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
920
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
920
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2924
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4024
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
4024
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
4024
firefox.exe
POST
142.250.185.67:80
http://o.pki.goog/we2
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5496
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3216
svchost.exe
172.172.255.218:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6544
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2924
SearchApp.exe
23.212.110.162:443
www.bing.com
Akamai International B.V.
CZ
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
google.com
  • 142.250.186.142
whitelisted
client.wns.windows.com
  • 172.172.255.218
  • 20.7.1.246
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.128
  • 40.126.31.1
  • 20.190.159.68
  • 40.126.31.129
  • 40.126.31.130
  • 20.190.159.130
  • 40.126.31.128
  • 40.126.31.3
  • 20.190.159.0
  • 20.190.159.2
  • 20.190.159.64
  • 20.190.159.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
www.bing.com
  • 23.212.110.162
  • 23.212.110.144
  • 2.16.241.218
  • 2.16.241.201
  • 95.101.79.99
  • 2.17.22.48
whitelisted
fp.msedge.net
  • 204.79.197.222
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

PID
Process
Class
Message
8040
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
8040
msedge.exe
Potentially Bad Traffic
ET DNS Query for .cc TLD
8040
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
8040
msedge.exe
Misc activity
SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
8040
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
8040
msedge.exe
Misc activity
ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
8040
msedge.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
8040
msedge.exe
Misc activity
ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
6960
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6960
DriverBooster.exe
Potentially Bad Traffic
ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
No debug info