File name: driver-hub-install__28.exe

Full analysis: https://app.any.run/tasks/e6ee222d-0e2f-4811-8a35-73a44f02ae77
Verdict: Malicious activity
Analysis date: January 10, 2025, 21:29:39
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: FE6D9186C3BE67F5661C86D55DC1BF33
SHA1: 975D3FCD37D7CB5239757470F2B94B8D4D7405E7
SHA256: 33CEB17AC30DB78E5A91E3DED8010F067B7BAA0A7A80E8E33364045F535330AB
SSDEEP: 24576:Cbawet5uwFpl+55Bvb6oL75OZf5wi94JfXH:Cbappl+55NJLVOZf5wi94JfXH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Application launched itself

      • driver-hub-install__28.exe (PID: 3612)
      • VC_redist.x86.exe (PID: 6648)
      • VC_redist.x86.exe (PID: 4388)
    • Reads security settings of Internet Explorer

      • driver-hub-install__28.exe (PID: 3612)
      • driver-hub-install__28.exe (PID: 6592)
      • VC_redist.x86.exe (PID: 4388)
    • Process drops legitimate windows executable

      • driver-hub-install__28.exe (PID: 6592)
      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 1616)
      • VC_redist.x86.exe (PID: 7104)
    • Starts a Microsoft application from unusual location

      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
    • Searches for installed software

      • driver-hub-install__28.exe (PID: 6592)
    • Creates a software uninstall entry

      • driver-hub-install__28.exe (PID: 6592)
      • VC_redist.x86.exe (PID: 1616)
    • Executable content was dropped or overwritten

      • driver-hub-install__28.exe (PID: 6592)
      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
      • VC_redist.x86.exe (PID: 4388)
      • VC_redist.x86.exe (PID: 7104)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4076)
    • Starts itself from another location

      • vcredist.exe (PID: 5308)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 6780)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6780)
  • INFO

    • Reads the machine GUID from the registry

      • driver-hub-install__28.exe (PID: 6592)
      • driver-hub-install__28.exe (PID: 3612)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 1616)
    • The process uses the downloaded file

      • driver-hub-install__28.exe (PID: 3612)
    • Reads the software policy settings

      • driver-hub-install__28.exe (PID: 6592)
    • Process checks computer location settings

      • driver-hub-install__28.exe (PID: 3612)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 4388)
    • Reads the computer name

      • driver-hub-install__28.exe (PID: 3612)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 4388)
      • VC_redist.x86.exe (PID: 7104)
    • Checks supported languages

      • driver-hub-install__28.exe (PID: 3612)
      • driver-hub-install__28.exe (PID: 6592)
      • vcredist.exe (PID: 3288)
      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 6648)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 4388)
    • The sample compiled with russian language support

      • driver-hub-install__28.exe (PID: 6592)
    • The sample compiled with english language support

      • vcredist.exe (PID: 3288)
      • driver-hub-install__28.exe (PID: 6592)
      • VC_redist.x86.exe (PID: 1616)
      • vcredist.exe (PID: 5308)
      • msiexec.exe (PID: 6780)
      • VC_redist.x86.exe (PID: 4388)
      • VC_redist.x86.exe (PID: 7104)
    • Creates files in the program directory

      • driver-hub-install__28.exe (PID: 6592)
    • Create files in a temporary directory

      • vcredist.exe (PID: 5308)
      • VC_redist.x86.exe (PID: 1616)
    • Manages system restore points

      • SrTasks.exe (PID: 4952)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6780)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6780)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

AssemblyVersion: 4.0.7.0
ProductVersion: 4.0.7.0
ProductName: DriverHub
OriginalFileName: DriverHubInstaller.exe
LegalTrademarks: -
LegalCopyright: © ROSTPAY LTD. All rights reserved.
InternalName: DriverHubInstaller.exe
FileVersion: 4.0.7.0
FileDescription: Install DriverHub
CompanyName: -
Comments: -
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 4.0.7.0
FileVersionNumber: 4.0.7.0
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 4
EntryPoint: 0xa7792
UninitializedDataSize: -
InitializedDataSize: 69120
CodeSize: 677888
LinkerVersion: 48
PEType: PE32
ImageFileCharacteristics: Executable, Large address aware
TimeStamp: 2098:11:19 20:09:20+00:00
MachineType: Intel 386 or later, and compatibles
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 14
Malicious processes: 4
Suspicious processes: 3

Behavior graph

start svchost.exe driver-hub-install__28.exe no specs driver-hub-install__28.exe vcredist.exe vcredist.exe vc_redist.x86.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vc_redist.x86.exe no specs vc_redist.x86.exe vc_redist.x86.exe

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 3612
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe"
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Install DriverHub
Exit code: 0
Version: 4.0.7.0
PID: 6592
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe" /install /pos=220,20 /lang=en /framework=1
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: driver-hub-install__28.exe
User: admin
Integrity Level: HIGH
Description: Install DriverHub
Version: 4.0.7.0
PID: 3288
CMD: "C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe
Parent process: driver-hub-install__28.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
PID: 5308
CMD: "C:\WINDOWS\Temp\{99D5E8FB-F04E-4E27-A700-E86A40BF062A}\.cr\vcredist.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" -burn.filehandle.attached=616 -burn.filehandle.self=620 /quiet /norestart
Path: C:\Windows\Temp\{99D5E8FB-F04E-4E27-A700-E86A40BF062A}\.cr\vcredist.exe
Parent process: vcredist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
PID: 1616
CMD: "C:\WINDOWS\Temp\{A8192D99-D600-4155-B755-20FBA5E098BF}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{A1CDFAC5-D5F5-42BF-91B7-696D7D1B759B} {8835D39A-01F8-4D67-9B2B-A5E1D91A1019} 5308
Path: C:\Windows\Temp\{A8192D99-D600-4155-B755-20FBA5E098BF}\.be\VC_redist.x86.exe
Parent process: vcredist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
PID: 2972
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
PID: 4076
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 4952
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Windows System Protection background tasks.
Version: 10.0.19041.1 (WinBuild.160101.0800)
PID: 3992
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Version: 10.0.19041.1 (WinBuild.160101.0800)
Total events: 14 108
Read events: 13 210
Write events: 634
Delete events: 264

Modification events

(PID) Process: (3612) driver-hub-install__28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Left
Value: 0

(PID) Process: (3612) driver-hub-install__28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Top
Value: 0

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6592) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0
Executable files: 106
Suspicious files: 80
Text files: 610
Unknown types: 1

Dropped files

PID | Process | Filename | Type
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libGLESv2.dll | executable
MD5:CB9B4E963A78FBFB70E13BDF30509235
SHA256:DE7DABF9C1BC8D0BF448EFAE15F9FBB32FA3BCD0DC676F1F7696B8DE0662B6F4
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll | executable
MD5:35AA301AF3284B1349C4229B8937C895
SHA256:8A7B522660C91AA5463C5A9534C9B4959E3055448E6B9428ED8F1352549B088C
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\Images\DriverHubLogo.png | image
MD5:451B153070269850DA133D4E493A1BD6
SHA256:91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\opengl32sw.dll | executable
MD5:8B197F55264A44B7B25046F7BA5BD7D2
SHA256:25AE7577E066FA80519A8F1C314B15CDD22E4A8D3ECD2A36ECCC79E40714A91D
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libcurl.dll | executable
MD5:E5064ADFBC48E3FB81F09E7B8E78D49D
SHA256:4BFCAEE356CF1B99D3DBC03D42018FCFC29271C6A72B373343D24C45A7569489
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\Qt5Core.dll | executable
MD5:80A95EAC18B0D41D393B3F72CF03CCE0
SHA256:2059AE8AF9B3ADC40E3FBAC46EDCE469A5A3340B1A42C0E2B0F79FCFAB838ED2
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\Credits.txt | text
MD5:7282852E37095B043D99A678B8C31C9E
SHA256:EED093D8D23DC0F8A1B001BC6B59A31C70BD52EE85B3917E18AFAECCA788BF3D
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\Qt5Network.dll | executable
MD5:4CCC16253F60FC8C06475BF936C8D168
SHA256:DF013042C338346B30D2E33A9895A6DE8D6A6EE785406996B4A523957AB10A2E
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libcrypto-1_1.dll | executable
MD5:D588D5B4162D2C66071A171A903AC8A1
SHA256:F1B06DB34B6BC09738FA66AC2103F7F47BA58F9BB6D1A518112F42846B6DC8EA
6592 | driver-hub-install__28.exe | C:\Program Files (x86)\DriverHub\libssl-1_1.dll | executable
MD5:4A1BD71115017098E6B75570A61B6DC3
SHA256:244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 42
DNS requests: 23
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6780
msiexec.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6780
msiexec.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7132
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6184
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5004
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
2.16.253.202:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5064
SearchApp.exe
2.16.204.134:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1176
svchost.exe
20.190.159.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.48.23.193
  • 23.48.23.173
  • 23.48.23.177
  • 23.48.23.167
  • 23.48.23.183
  • 23.48.23.190
  • 23.48.23.139
  • 23.48.23.140
  • 23.48.23.180
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 2.16.253.202
  • 95.101.149.131
whitelisted
google.com
  • 142.250.186.142
whitelisted
www.bing.com
  • 2.16.204.134
  • 2.16.204.160
  • 2.16.204.148
  • 2.16.204.138
  • 2.16.204.149
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.71
  • 20.190.159.64
  • 40.126.31.73
  • 20.190.159.23
  • 20.190.159.68
  • 20.190.159.73
  • 40.126.31.69
  • 40.126.31.67
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
api.az-partners.net
  • 188.130.153.32
  • 188.130.153.33
unknown
www.drvhub.net
  • 188.130.153.33
  • 188.130.153.32
whitelisted

Threats

No threats detected
No debug info