File name: Intel-Driver-and-Support-Assistant-Installer.exe

Full analysis: https://app.any.run/tasks/9dc08dce-57c0-4fa0-bbb0-99663999bd24
Verdict: Malicious activity
Analysis date: September 11, 2025, 06:46:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: E30739FDF01EBF2097C3FBAEAC69FE06
SHA1: 011F2A8F164D8E572BB18DEEA39E313ABD769D9A
SHA256: 5B4957C11B7370CBC2A0EE0F5AFDC3DFCA3BC624A9165EB0BC0A8FE3C7AEEE5E
SSDEEP: 98304:QiwhXS3HegGjWrl5Xg1qLGvq8xQeFoYQGwLBzAEwYBGW/OLKgfvgP1bFb9cldKuQ:fwS9SPWQw1C7s

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
    • Executable content was dropped or overwritten

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
    • Searches for installed software

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3800)
      • dllhost.exe (PID: 1096)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
    • Reads security settings of Internet Explorer

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
    • Executes as Windows Service

      • VSSVC.exe (PID: 2288)
    • Creates a software uninstall entry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
    • Application launched itself

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3800)
  • INFO

    • Create files in a temporary directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3800)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
    • Checks supported languages

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • wixprqba.exe (PID: 6004)
      • netcoresearch.exe (PID: 5548)
      • netcoresearch.exe (PID: 1980)
      • netcoresearch.exe (PID: 4196)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3800)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
      • wixprqba.exe (PID: 6620)
      • netcoresearch.exe (PID: 984)
      • netcoresearch.exe (PID: 6820)
      • netcoresearch.exe (PID: 424)
    • The sample compiled with english language support

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
    • Reads the computer name

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
      • wixprqba.exe (PID: 6004)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
      • wixprqba.exe (PID: 6620)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3908)
    • Checks proxy server information

      • slui.exe (PID: 4228)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
    • Reads the software policy settings

      • slui.exe (PID: 4228)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
    • Process checks computer location settings

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
    • Manages system restore points

      • SrTasks.exe (PID: 4892)
    • Launching a file from a Registry key

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
    • Reads the machine GUID from the registry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3288)
    • Creates files in the program directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 6376)
    • Manual execution by a user

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3800)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:05 19:45:02+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 483328
InitializedDataSize: 317440
UninitializedDataSize: -
EntryPoint: 0x517f0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 25.4.36.6
ProductVersionNumber: 25.4.36.6
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Intel
FileDescription: Intel® Driver & Support Assistant
FileVersion: 25.4.36.6
InternalName: burn
OriginalFileName: Intel-Driver-and-Support-Assistant-Installer.exe
ProductName: Intel® Driver & Support Assistant
ProductVersion: 25.4.36.6
LegalCopyright: Copyright © Intel Corporation. All rights reserved.
No data.
Total processes: 156
Monitored processes: 23
Malicious processes: 2
Suspicious processes: 2

Behavior graph

start intel-driver-and-support-assistant-installer.exe wixprqba.exe no specs netcoresearch.exe no specs conhost.exe no specs netcoresearch.exe no specs conhost.exe no specs netcoresearch.exe no specs conhost.exe no specs slui.exe intel-driver-and-support-assistant-installer.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs intel-driver-and-support-assistant-installer.exe no specs intel-driver-and-support-assistant-installer.exe wixprqba.exe no specs netcoresearch.exe no specs conhost.exe no specs netcoresearch.exe no specs conhost.exe no specs netcoresearch.exe no specs conhost.exe no specs

Process information

PID: 304
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netcoresearch.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 424
CMD: "C:\Users\admin\AppData\Local\Temp\{B8BB79BE-E7D9-49BD-99D5-D91423E31F57}\.ba\Wix4NetfxBootstrapperExtension_X86\x64\netcoresearch.exe" runtime 8 Microsoft.NETCore.App
Path: C:\Users\admin\AppData\Local\Temp\{B8BB79BE-E7D9-49BD-99D5-D91423E31F57}\.ba\Wix4NetfxBootstrapperExtension_X86\x64\netcoresearch.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: WiX Toolset
Integrity Level: MEDIUM
Description: netcoresearch
Exit code: 0
Version: 5.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\{b8bb79be-e7d9-49bd-99d5-d91423e31f57}\.ba\wix4netfxbootstrapperextension_x86\x64\netcoresearch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\{b8bb79be-e7d9-49bd-99d5-d91423e31f57}\.ba\wix4netfxbootstrapperextension_x86\x64\hostfxr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 984
CMD: "C:\Users\admin\AppData\Local\Temp\{B8BB79BE-E7D9-49BD-99D5-D91423E31F57}\.ba\Wix4NetfxBootstrapperExtension_X86\x86\netcoresearch.exe" runtime 8 Microsoft.AspNetCore.App
Path: C:\Users\admin\AppData\Local\Temp\{B8BB79BE-E7D9-49BD-99D5-D91423E31F57}\.ba\Wix4NetfxBootstrapperExtension_X86\x86\netcoresearch.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: WiX Toolset
Integrity Level: MEDIUM
Description: netcoresearch
Exit code: 0
Version: 5.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\{b8bb79be-e7d9-49bd-99d5-d91423e31f57}\.ba\wix4netfxbootstrapperextension_x86\x86\netcoresearch.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\temp\{b8bb79be-e7d9-49bd-99d5-d91423e31f57}\.ba\wix4netfxbootstrapperextension_x86\x86\hostfxr.dll

PID: 1096
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll

PID: 1568
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netcoresearch.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1980
CMD: "C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\Wix4NetfxBootstrapperExtension_X86\x86\netcoresearch.exe" runtime 8 Microsoft.WindowsDesktop.App
Path: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\Wix4NetfxBootstrapperExtension_X86\x86\netcoresearch.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: WiX Toolset
Integrity Level: MEDIUM
Description: netcoresearch
Exit code: 0
Version: 5.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\{6666fd1f-6b60-41a2-a723-256b2a2b18bf}\.ba\wix4netfxbootstrapperextension_x86\x86\netcoresearch.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\temp\{6666fd1f-6b60-41a2-a723-256b2a2b18bf}\.ba\wix4netfxbootstrapperextension_x86\x86\hostfxr.dll

PID: 2288
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 3288
CMD: "C:\Users\admin\Desktop\Intel-Driver-and-Support-Assistant-Installer.exe"
Path: C:\Users\admin\Desktop\Intel-Driver-and-Support-Assistant-Installer.exe
Parent process: explorer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: Intel® Driver & Support Assistant
Version: 25.4.36.6
Modules
Images
c:\users\admin\desktop\intel-driver-and-support-assistant-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 3800
CMD: "C:\ProgramData\Package Cache\{4152D055-4116-42A3-BC9E-86D0A17B35A5}\Intel-Driver-and-Support-Assistant-Installer.exe" /burn.runonce
Path: C:\ProgramData\Package Cache\{4152D055-4116-42A3-BC9E-86D0A17B35A5}\Intel-Driver-and-Support-Assistant-Installer.exe
Parent process: explorer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: Intel® Driver & Support Assistant
Exit code: 0
Version: 25.4.36.6
Modules
Images
c:\programdata\package cache\{4152d055-4116-42a3-bc9e-86d0a17b35a5}\intel-driver-and-support-assistant-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll

PID: 3908
CMD: "C:\ProgramData\Package Cache\{4152D055-4116-42A3-BC9E-86D0A17B35A5}\Intel-Driver-and-Support-Assistant-Installer.exe" /burn.log.append "C:\Users\admin\AppData\Local\Temp\Intel®_Driver_&_Support_Assistant_20250911064639.log" /burn.log.append "C:\Users\admin\AppData\Local\Temp\Intel®_Driver_&_Support_Assistant_20250911064639.log"
Path: C:\ProgramData\Package Cache\{4152D055-4116-42A3-BC9E-86D0A17B35A5}\Intel-Driver-and-Support-Assistant-Installer.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: Intel
Integrity Level: MEDIUM
Description: Intel® Driver & Support Assistant
Version: 25.4.36.6
Modules
Images
c:\programdata\package cache\{4152d055-4116-42a3-bc9e-86d0a17b35a5}\intel-driver-and-support-assistant-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events: 9 999
Read events: 9 765
Write events: 213
Delete events: 21

Modification events

PID: 1096
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
4800000000000000AAF83A1BE822DC0148040000BC110000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 1096
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
48000000000000006FDE651BE822DC0148040000BC110000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 1096
Process: dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000C0E2971BE822DC01480400002C0A0000E8030000010000000000000000000000AA9C8F5B71AE0A42B2CF76BD4818D92D00000000000000000000000000000000
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation: delete key
Name: (default)
Value:
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Leave)
Value:
48000000000000008A9BA81BE822DC01F0080000240A0000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Leave)
Value:
48000000000000008A9BA81BE822DC01F0080000B4040000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001
Operation: write
Name: Element
Value:
0000000000000000000000000000000006000000000000004800000000000000715E5C2FA985EB1190A89A9B763584210000000000000000745E5C2FA985EB1190A89A9B7635842100000000000000000000000000000000
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Operation: delete key
Name: (default)
Value:
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002
Operation: write
Name: Element
Value:
\EFI\Microsoft\Boot\bootmgfw.efi
PID: 2288
Process: VSSVC.exe
Key: HKEY_LOCAL_MACHINE\BCD00000000\Objects\{5b970157-8568-11eb-b45c-806e6f6e6963}\Elements\11000001
Operation: delete key
Name: (default)
Value:
Executable files: 56
Suspicious files: 9
Text files: 10
Unknown types: 0

Dropped files

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\de\BootstrapperUI_V2.resources.dll
Type: executable
MD5:CDFDF4E4B951472FEEB3CCF7902708F9
SHA256:BE6692E270E1C8BF4BEA2731454D4031B392882EAC049250507CC17153FA628F

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\ko\BootstrapperUI_V2.resources.dll
Type: executable
MD5:D1551DFD50352ACBA1F5D06B0124562A
SHA256:5242662C296996D0E2F14DC65811ED0F5BF55714EA12683A6A42315D5953029F

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\id\BootstrapperUI_V2.resources.dll
Type: executable
MD5:EE3EA5EB7951811BFB10524B884EA62B
SHA256:7A322D2E0AAF5F69FA11C62E5CE05607C1909D25E0715A4BE419F1824E421CCF

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\th\BootstrapperUI_V2.resources.dll
Type: executable
MD5:60F2C7699AD138BEA71FB7722EE6DDCD
SHA256:69747C42D2CF8F6E9DB9061E5BF149DEE53C81AC3C908DA7A3E16DA8F6448743

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\vi\BootstrapperUI_V2.resources.dll
Type: executable
MD5:C6E53869263BF7B62E53945D4206DA2A
SHA256:7EAA1CEBDDAD55F4AEC06BF37146D34200AAD23E8655D4D504C37C0C4112CB4B

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\es\BootstrapperUI_V2.resources.dll
Type: executable
MD5:53C1B41A11584E0AA072BE01350B0818
SHA256:F122450388063FDB127F36DBF7E07D999D29F8ADAAC468EDBD46044DF7BEBBC9

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\BootstrapperUI_V2.exe
Type: executable
MD5:8E3108B1A8B57033F113C3C17CC3AA97
SHA256:D1E06EB7542D5933943A4CAD239CC15EBC0F58CA8E52D50377F1561F6A7CE416

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\pt-BR\BootstrapperUI_V2.resources.dll
Type: executable
MD5:DF74023E6EC9A3564715E8A421E2A824
SHA256:B66DA0AE522D76A22ED86F124CB24D9CC2F48A484F67E6E4E76C5A2CC2562B4E

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\CommunityToolkit.Mvvm.dll
Type: executable
MD5:E646FB3A5C09CAC2883AB490AB9CB570
SHA256:41276A9C6A261F8A2FAA17652F3F1BC19F0F0E9550FE0AD96DAC2B297D3BE13A

PID: 3288
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{6666FD1F-6B60-41A2-A723-256B2A2B18BF}\.ba\BootstrapperUI_V2.pdb
Type: binary
MD5:CE4AC1012FCAF3022C5C3BCE035D2521
SHA256:385DC18DB276FA8502DC2231D34ED9673A737ABE09550846523AE85F7418A6D3
HTTP(S) requests: 9
TCP/UDP connections: 19
DNS requests: 8
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 5944 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted |
| 1268 | svchost.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted |
| 5944 | MoUsoCoreWorker.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted |
| 5824 | RUXIMICS.exe | GET | 200 | 23.216.77.30:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted |
| 1268 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted |
| - | - | HEAD | 200 | 2.16.168.202:443 | https://download.visualstudio.microsoft.com/download/pr/882d76b3-fd56-4808-a933-a3e3e30d0ccc/9b7d6a303a276deb808466a0fc8d52e6/windowsdesktop-runtime-8.0.14-win-x86.exe | unknown | - | - | unknown |
| - | - | GET | - | 2.16.168.202:443 | https://download.visualstudio.microsoft.com/download/pr/882d76b3-fd56-4808-a933-a3e3e30d0ccc/9b7d6a303a276deb808466a0fc8d52e6/windowsdesktop-runtime-8.0.14-win-x86.exe | unknown | - | - | unknown |
| - | - | POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | unknown |
| - | - | POST | 500 | 40.91.76.224:443 | https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail | unknown | xml | 512 b | unknown |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | - | - | - | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 5824 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
| 4 | System | 192.168.100.255:138 | - | - | - | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 23.216.77.30:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 1268 | svchost.exe | 23.216.77.30:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 5824 | RUXIMICS.exe | 23.216.77.30:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
| 5944 | MoUsoCoreWorker.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
| 1268 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | 51.104.136.2, 20.73.194.208 | whitelisted |
| google.com | 142.250.186.174 | whitelisted |
| crl.microsoft.com | 23.216.77.30, 23.216.77.29, 23.216.77.25, 23.216.77.18, 23.216.77.43 | whitelisted |
| www.microsoft.com | 23.35.229.160 | whitelisted |
| self.events.data.microsoft.com | 20.189.173.28 | whitelisted |
| activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted |
| download.visualstudio.microsoft.com | 199.232.210.172, 199.232.214.172 | whitelisted |

Threats

No threats detected
No debug info