File name: driver-hub-install__28.exe

Full analysis: https://app.any.run/tasks/e6ee222d-0e2f-4811-8a35-73a44f02ae77
Verdict: Malicious activity
Analysis date: January 10, 2025, 21:29:39
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: FE6D9186C3BE67F5661C86D55DC1BF33
SHA1: 975D3FCD37D7CB5239757470F2B94B8D4D7405E7
SHA256: 33CEB17AC30DB78E5A91E3DED8010F067B7BAA0A7A80E8E33364045F535330AB
SSDEEP: 24576:Cbawet5uwFpl+55Bvb6oL75OZf5wi94JfXH:Cbappl+55NJLVOZf5wi94JfXH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • driver-hub-install__28.exe (PID: 6592)
      • driver-hub-install__28.exe (PID: 3612)
      • VC_redist.x86.exe (PID: 4388)
    • Application launched itself

      • driver-hub-install__28.exe (PID: 3612)
      • VC_redist.x86.exe (PID: 6648)
      • VC_redist.x86.exe (PID: 4388)
    • Searches for installed software

      • driver-hub-install__28.exe (PID: 6592)
    • Starts a Microsoft application from unusual location

      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
    • Process drops legitimate windows executable

      • driver-hub-install__28.exe (PID: 6592)
      • vcredist.exe (PID: 3288)
      • VC_redist.x86.exe (PID: 1616)
      • vcredist.exe (PID: 5308)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 7104)
    • Creates a software uninstall entry

      • driver-hub-install__28.exe (PID: 6592)
      • VC_redist.x86.exe (PID: 1616)
    • Executable content was dropped or overwritten

      • driver-hub-install__28.exe (PID: 6592)
      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
      • VC_redist.x86.exe (PID: 4388)
      • VC_redist.x86.exe (PID: 7104)
    • Starts itself from another location

      • vcredist.exe (PID: 5308)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4076)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 6780)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6780)
  • INFO

    • Creates files in the program directory

      • driver-hub-install__28.exe (PID: 6592)
    • Checks supported languages

      • driver-hub-install__28.exe (PID: 6592)
      • driver-hub-install__28.exe (PID: 3612)
      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 6648)
      • VC_redist.x86.exe (PID: 4388)
    • Reads the machine GUID from the registry

      • driver-hub-install__28.exe (PID: 6592)
      • driver-hub-install__28.exe (PID: 3612)
      • VC_redist.x86.exe (PID: 1616)
      • msiexec.exe (PID: 6780)
    • Reads the software policy settings

      • driver-hub-install__28.exe (PID: 6592)
    • The process uses the downloaded file

      • driver-hub-install__28.exe (PID: 3612)
    • Reads the computer name

      • driver-hub-install__28.exe (PID: 3612)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 4388)
      • VC_redist.x86.exe (PID: 7104)
    • Process checks computer location settings

      • driver-hub-install__28.exe (PID: 3612)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 4388)
    • The sample compiled with english language support

      • driver-hub-install__28.exe (PID: 6592)
      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 4388)
      • VC_redist.x86.exe (PID: 7104)
    • The sample compiled with russian language support

      • driver-hub-install__28.exe (PID: 6592)
    • Create files in a temporary directory

      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
    • Manages system restore points

      • SrTasks.exe (PID: 4952)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6780)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6780)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

AssemblyVersion: 4.0.7.0
ProductVersion: 4.0.7.0
ProductName: DriverHub
OriginalFileName: DriverHubInstaller.exe
LegalTrademarks: -
LegalCopyright: © ROSTPAY LTD. All rights reserved.
InternalName: DriverHubInstaller.exe
FileVersion: 4.0.7.0
FileDescription: Install DriverHub
CompanyName: -
Comments: -
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 4.0.7.0
FileVersionNumber: 4.0.7.0
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 4
EntryPoint: 0xa7792
UninitializedDataSize: -
InitializedDataSize: 69120
CodeSize: 677888
LinkerVersion: 48
PEType: PE32
ImageFileCharacteristics: Executable, Large address aware
TimeStamp: 2098:11:19 20:09:20+00:00
MachineType: Intel 386 or later, and compatibles
No data.
Total processes: 142
Monitored processes: 14
Malicious processes: 4
Suspicious processes: 3

Behavior graph

start driver-hub-install__28.exe no specs driver-hub-install__28.exe vcredist.exe vcredist.exe vc_redist.x86.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vc_redist.x86.exe no specs vc_redist.x86.exe vc_redist.x86.exe svchost.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 3612
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe"
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Install DriverHub
Exit code: 0
Version: 4.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\driver-hub-install__28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 6592
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe" /install /pos=220,20 /lang=en /framework=1
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: driver-hub-install__28.exe
User: admin
Integrity Level: HIGH
Description: Install DriverHub
Version: 4.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\driver-hub-install__28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 3288
CMD: "C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe
Parent process: driver-hub-install__28.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
Modules
Images
c:\users\admin\appdata\local\temp\driverhub\vcredist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5308
CMD: "C:\WINDOWS\Temp\{99D5E8FB-F04E-4E27-A700-E86A40BF062A}\.cr\vcredist.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" -burn.filehandle.attached=616 -burn.filehandle.self=620 /quiet /norestart
Path: C:\Windows\Temp\{99D5E8FB-F04E-4E27-A700-E86A40BF062A}\.cr\vcredist.exe
Parent process: vcredist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
Modules
Images
c:\windows\temp\{99d5e8fb-f04e-4e27-a700-e86a40bf062a}\.cr\vcredist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1616
CMD: "C:\WINDOWS\Temp\{A8192D99-D600-4155-B755-20FBA5E098BF}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{A1CDFAC5-D5F5-42BF-91B7-696D7D1B759B} {8835D39A-01F8-4D67-9B2B-A5E1D91A1019} 5308
Path: C:\Windows\Temp\{A8192D99-D600-4155-B755-20FBA5E098BF}\.be\VC_redist.x86.exe
Parent process: vcredist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
Modules
Images
c:\windows\temp\{a8192d99-d600-4155-b755-20fba5e098bf}\.be\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2972
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 4076
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4952
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Windows System Protection background tasks.
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 3992
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 14 108
Read events: 13 210
Write events: 634
Delete events: 264

Modification events

Process: driver-hub-install__28.exe (PID: 3612)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Left
Value: 0

Process: driver-hub-install__28.exe (PID: 3612)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Top
Value: 0

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileTracingMask
Value:

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

Process: driver-hub-install__28.exe (PID: 6592)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0
Executable files: 106
Suspicious files: 80
Text files: 610
Unknown types: 1

Dropped files

PID | Process | Filename | Type
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libEGL.dll | executable
MD5:E0E4011346A86083A0EC8EB01136D0BA
SHA256:411966CE4F8FEBB2FE3AB84B97ED9FB9062AB60C6211FC3B3E4A25A5EE607ECB
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\Images\DriverHubLogo.png | image
MD5:451B153070269850DA133D4E493A1BD6
SHA256:91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll | executable
MD5:35AA301AF3284B1349C4229B8937C895
SHA256:8A7B522660C91AA5463C5A9534C9B4959E3055448E6B9428ED8F1352549B088C
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\imageformats\qgif.dll | executable
MD5:A7D24E2226FF09208E22FC6F70BF0DE7
SHA256:6356257682FB64D28AD68DEBEA96E1A0104C273E8838953459A110933F0A84BE
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libcurl.dll | executable
MD5:E5064ADFBC48E3FB81F09E7B8E78D49D
SHA256:4BFCAEE356CF1B99D3DBC03D42018FCFC29271C6A72B373343D24C45A7569489
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe | executable
MD5:C517A578D67C99DF6A9FDB5513BA0E43
SHA256:EB8D01BC243243407990CE15CE08C25A53D57ED93FE6E80FCA575D7EC4099991
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\DriverHub.exe | binary
MD5:7020BE7436DCD6D6BE2EA720A656A9E3
SHA256:A9FE171F30446178F7EA4972D06F2D47BD89D7A42050D9F1BBC05884C74C8E4E
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libssl-1_1.dll | executable
MD5:4A1BD71115017098E6B75570A61B6DC3
SHA256:244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\lum_sdk32.dll | executable
MD5:FDB9B5CABA4AC20D8D9406541361C4E7
SHA256:A406E654B9E62CC84BA3EE3B0ABA28BEC640A16A12ADF4EBEEEDE216A40F0DFE
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libGLESv2.dll | executable
MD5:CB9B4E963A78FBFB70E13BDF30509235
SHA256:DE7DABF9C1BC8D0BF448EFAE15F9FBB32FA3BCD0DC676F1F7696B8DE0662B6F4
HTTP(S) requests: 9
TCP/UDP connections: 42
DNS requests: 23
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6780
msiexec.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
6780
msiexec.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7132
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6184
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5004
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
2.16.253.202:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5064
SearchApp.exe
2.16.204.134:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1176
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.193
  • 23.48.23.173
  • 23.48.23.177
  • 23.48.23.167
  • 23.48.23.183
  • 23.48.23.190
  • 23.48.23.139
  • 23.48.23.140
  • 23.48.23.180
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 2.16.253.202
  • 95.101.149.131
whitelisted
google.com
  • 142.250.186.142
whitelisted
www.bing.com
  • 2.16.204.134
  • 2.16.204.160
  • 2.16.204.148
  • 2.16.204.138
  • 2.16.204.149
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.64
  • 40.126.31.73
  • 20.190.159.23
  • 20.190.159.68
  • 20.190.159.73
  • 40.126.31.69
  • 40.126.31.67
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
api.az-partners.net
  • 188.130.153.32
  • 188.130.153.33
unknown
www.drvhub.net
  • 188.130.153.33
  • 188.130.153.32
whitelisted

Threats

No threats detected
No debug info