File name:

Intel-Driver-and-Support-Assistant-Installer.exe

Full analysis: https://app.any.run/tasks/805474f8-7e18-431a-942b-d0dbdf28d10d
Verdict: Malicious activity
Threats:

A loader is malware whose job is to deliver further malicious payloads. Once it has infected a victim's computer it profiles the system and then installs other threats, such as trojans or stealers. Criminals usually distribute loaders through phishing emails and links, relying on social engineering to get users to download and run the executable. Loaders employ evasion and persistence techniques to avoid detection.

Analysis date: December 09, 2024, 05:18:16
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5:

3EF4B75EB7EDF5FCF1D538B4797E0CC5

SHA1:

71964793F7BC631AD554055826949DFE9AE16D2D

SHA256:

84403275DA5369054598D8B5EB3E21D9F70BD25C85583B28008F708B1F8063E9

SSDEEP:

98304:OiwhXSwidTOj9sSGxYHoNlILbYxc4aILwyTpaRmJaky261cpd337NRpNradacNpC:Wc48FOBbP4

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions taken during the session and is provided as-is for acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 5236)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • BootstrapperUI_V2.exe (PID: 3984)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
    • Process drops legitimate windows executable

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
      • msiexec.exe (PID: 1796)
    • Executable content was dropped or overwritten

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
      • cmd.exe (PID: 6252)
    • Searches for installed software

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
      • dllhost.exe (PID: 5096)
    • Executes as Windows Service

      • VSSVC.exe (PID: 4528)
      • DSAService.exe (PID: 4164)
      • DSAUpdateService.exe (PID: 3732)
      • SurSvc.exe (PID: 6760)
      • esrv_svc.exe (PID: 7736)
      • WmiApSrv.exe (PID: 7432)
      • esrv_svc.exe (PID: 8440)
    • Checks Windows Trust Settings

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • msiexec.exe (PID: 1796)
    • Creates a software uninstall entry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
    • Mutex name with non-standard characters

      • msiexec.exe (PID: 1796)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
    • Starts CMD.EXE for commands execution

      • msiexec.exe (PID: 1356)
      • SurSvc.exe (PID: 3140)
      • SurSvc.exe (PID: 6760)
      • cmd.exe (PID: 5236)
      • wscript.exe (PID: 7836)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1796)
    • Process drops SQLite DLL files

      • msiexec.exe (PID: 1796)
    • Process drops python dynamic module

      • msiexec.exe (PID: 1796)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 1796)
    • Uses ICACLS.EXE to modify access control lists

      • msiexec.exe (PID: 1356)
    • Executing commands from a ".bat" file

      • SurSvc.exe (PID: 3140)
      • SurSvc.exe (PID: 6760)
      • wscript.exe (PID: 7836)
    • Starts application with an unusual extension

      • cmd.exe (PID: 5236)
      • cmd.exe (PID: 6252)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 5236)
      • cmd.exe (PID: 6252)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 1796)
      • cmd.exe (PID: 6252)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 5236)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 6252)
      • esrv.exe (PID: 7428)
    • The process executes via Task Scheduler

      • wscript.exe (PID: 7836)
    • Application launched itself

      • cmd.exe (PID: 5236)
    • Runs WScript without displaying logo

      • wscript.exe (PID: 7836)
  • INFO

    • Create files in a temporary directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
    • Checks supported languages

      • BootstrapperUI_V2.exe (PID: 3984)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
      • msiexec.exe (PID: 1796)
      • DSAService.exe (PID: 4164)
      • DSAUpdateService.exe (PID: 3732)
    • Reads the machine GUID from the registry

      • BootstrapperUI_V2.exe (PID: 3984)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • DSAService.exe (PID: 4164)
      • msiexec.exe (PID: 1796)
    • Disables trace logs

      • BootstrapperUI_V2.exe (PID: 3984)
      • DSAService.exe (PID: 4164)
    • Reads the computer name

      • BootstrapperUI_V2.exe (PID: 3984)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
      • msiexec.exe (PID: 1796)
      • DSAService.exe (PID: 4164)
      • DSAUpdateService.exe (PID: 3732)
    • Checks proxy server information

      • BootstrapperUI_V2.exe (PID: 3984)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
    • Creates files in the program directory

      • BootstrapperUI_V2.exe (PID: 3984)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 4504)
    • Process checks computer location settings

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
    • The process uses the downloaded file

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
    • Manages system restore points

      • SrTasks.exe (PID: 4624)
    • Reads the software policy settings

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 524)
      • msiexec.exe (PID: 1796)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1796)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 1796)
    • Application launched itself

      • msiexec.exe (PID: 1796)
      • msedge.exe (PID: 6404)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1796)
    • Manual execution by a user

      • msedge.exe (PID: 6404)
      • OpenWith.exe (PID: 8152)
      • OpenWith.exe (PID: 8632)
      • OpenWith.exe (PID: 8516)
      • OpenWith.exe (PID: 8716)
      • msedge.exe (PID: 1592)
      • OpenWith.exe (PID: 8804)
      • OpenWith.exe (PID: 8884)
    • Changes the display of characters in the console

      • cmd.exe (PID: 6252)
      • cmd.exe (PID: 5236)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:05 19:45:02+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 483328
InitializedDataSize: 317440
UninitializedDataSize: -
EntryPoint: 0x517f0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 24.6.49.8
ProductVersionNumber: 24.6.49.8
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Intel
FileDescription: Intel® Driver & Support Assistant
FileVersion: 24.6.49.8
InternalName: burn (the WiX Toolset Burn bootstrapper engine; Burn unpacks its bootstrapper application into a %TEMP%\{GUID}\.ba\ directory, which matches the BootstrapperUI_V2.exe drops listed under Dropped files)
OriginalFileName: Intel-Driver-and-Support-Assistant-Installer.exe
ProductName: Intel® Driver & Support Assistant
ProductVersion: 24.6.49.8
LegalCopyright: Copyright © Intel Corporation. All rights reserved.
All screenshots are available in the full report
Total processes: 300
Monitored processes: 171
Malicious processes: 9
Suspicious processes: 1

Behavior graph

Process tree in launch order (nodes labelled "no specs" had no indicator attached to them):
start intel-driver-and-support-assistant-installer.exe bootstrapperui_v2.exe no specs intel-driver-and-support-assistant-installer.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe dsaservice.exe dsaupdateservice.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs msiexec.exe no specs cmd.exe no specs conhost.exe no specs sursvc.exe no specs sursvc.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs choice.exe no specs choice.exe no specs reg.exe no specs find.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs esrv_svc.exe no specs esrv_svc.exe no specs reg.exe no specs schtasks.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs timeout.exe no specs timeout.exe no specs timeout.exe no specs dsaarcdetect64.exe no specs conhost.exe no specs sursvc.exe no specs msedge.exe no specs dsatray.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs 
msedge.exe no specs msedge.exe no specs cmd.exe conhost.exe no specs chcp.com no specs choice.exe no specs choice.exe no specs timeout.exe no specs timeout.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs esrv_svc.exe no specs msedge.exe no specs schtasks.exe no specs wscript.exe no specs cmd.exe no specs conhost.exe no specs task.exe no specs msedge.exe no specs openwith.exe no specs msedge.exe no specs esrv.exe no specs msedge.exe no specs wmiapsrv.exe no specs sc.exe no specs esrv_svc.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs dsaservicehelper.exe no specs dsatray.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID:
520
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
icacls.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID:
524
CMD:
"C:\Users\admin\Desktop\Intel-Driver-and-Support-Assistant-Installer.exe"
Path:
C:\Users\admin\Desktop\Intel-Driver-and-Support-Assistant-Installer.exe
Parent process:
explorer.exe
User:
admin
Company:
Intel
Integrity Level:
MEDIUM
Description:
Intel® Driver & Support Assistant
Exit code:
0
Version:
24.6.49.8
Modules
Images
c:\users\admin\desktop\intel-driver-and-support-assistant-installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
1356
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding BBB3321284CE54C009E3D672523F90ED E Global\MSI0000
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
PID:
1356
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=2012,i,12651089329462675242,11029841670807757050,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
PID:
1400
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2568 --field-trial-handle=2012,i,12651089329462675242,11029841670807757050,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
PID:
1448
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6840 --field-trial-handle=2012,i,12651089329462675242,11029841670807757050,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
PID:
1592
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" C:\Users\admin\Desktop\system-report-template.html
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
PID:
1596
CMD:
C:\Windows\syswow64\MsiExec.exe -Embedding BBB0533476559017A1AC603BBE3675A0
Path:
C:\Windows\SysWOW64\msiexec.exe
Parent process:
msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID:
1604
CMD:
timeout 1
Path:
C:\Windows\System32\timeout.exe
Parent process:
cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
PID:
1796
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events: 18 535
Read events: 18 012
Write events: 488
Delete events: 35

Modification events

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (3984) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0

The Tracing\<image>_RASAPI32 and Tracing\<image>_RASMANCS keys are created by the Windows RAS tracing facility the first time a process loads rasapi32.dll (commonly pulled in indirectly through WinInet or WinHTTP), and the values written above are that facility's defaults. This is the artifact behind the "Disables trace logs" indicator earlier in the report; it appears for most network-aware Windows programs and on its own says nothing about intent.
Executable files: 292
Suspicious files: 431
Text files: 109
Unknown types: 25

Dropped files

PID | Process | Filename | Type
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\id\BootstrapperUI_V2.resources.dll | executable
MD5: 5F33D9862A29E6830E37F22453B06889
SHA256: 21F4850934CE19E5F7F81C2EC57ECBED3129667A4035B16571EC38B211426280
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\BootstrapperUI_V2.exe | executable
MD5: 0424231B26D9871A1967F8A964159E32
SHA256: 4242E4A3139912466E948803A35D026FCAF9A8A5DC68F1A149CFBE7918632B59
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\fr\BootstrapperUI_V2.resources.dll | executable
MD5: B7B86BB481C8C16CE437F0C5801E28B4
SHA256: 1266B4C1ED85B94995BE9D0FD4B885C5E2624B74F076A1DA1099B8107DB6E323
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\ko\BootstrapperUI_V2.resources.dll | executable
MD5: F2CCB31BF48E50CAC497B1D8C37ADCB1
SHA256: 799F675B72C9586B168FAA519A53B50B726B1C41D1E718AA3F5C18EADB835552
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\ja\BootstrapperUI_V2.resources.dll | executable
MD5: FEDBBCCA8D5C877003D37B9D74E903CD
SHA256: AB42D1F1D8E69A40921C29B583A4D6B3550AC06AF3B2D1EDA9AAF46E276B3163
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\es\BootstrapperUI_V2.resources.dll | executable
MD5: 17ECC752B90F9A2B90C4A0C0D522D3FA
SHA256: A2E8FCAF6150F6BB3FDFC51B38879EEB22710ED7002DD7DA98352E023381FA0B
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\pt-BR\BootstrapperUI_V2.resources.dll | executable
MD5: BD9142F70891DB3E5FE5C4A36A682AF8
SHA256: C0FF914F0ABB5AAC50E15F5828202A08206010EE1AEE761DA6586FF09AAD8880
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\GalaSoft.MvvmLight.dll | executable
MD5: 554F492F51C79A6767C118332060F263
SHA256: B4FE435C0DD0E6FD708F518F1CB538B896C20884375FEFDB4C28F6BDDA17E9EA
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\th\BootstrapperUI_V2.resources.dll | executable
MD5: B8320B9B7807C9ADBC14CFBADEB66702
SHA256: 9C07C32459B7CA937CDDF6EF7EB2B8CBB01BF6D1DD47EFB295C239CB7171CCD6
524 | Intel-Driver-and-Support-Assistant-Installer.exe | C:\Users\admin\AppData\Local\Temp\{A49F816E-79AE-4C03-A7B7-B026F0763198}\.ba\BootstrapperUI_V2.exe.config | xml
MD5: CB6048A33306DA8D4D32204388B83E94
SHA256: 5C65F5D0BDD4B45FFF99C3AD3C3F319B9BA1824336D83463162ED5A02CBE3439
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 88
TCP/UDP connections: 94
DNS requests: 89
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
1356 | svchost.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
 | | HEAD | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?LinkId=863262 | unknown |
1356 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
 | | HEAD | 200 | 23.32.238.107:443 | https://download.visualstudio.microsoft.com/download/pr/1f5af042-d0e4-4002-9c59-9ba66bcf15f6/124d2afe5c8f67dfa910da5f9e3db9c1/ndp472-kb4054531-web.exe | unknown |
 | | GET | 302 | 184.30.21.171:443 | https://go.microsoft.com/fwlink/?LinkId=863262 | unknown |
1796 | msiexec.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEAJ8OQEMp1rDOrXuDVQO%2BeU%3D | unknown | whitelisted
1796 | msiexec.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D | unknown | whitelisted
1796 | msiexec.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEQDevLVOPyKjTcl8PoK9arwe | unknown | whitelisted
1796 | msiexec.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D | unknown | whitelisted
1796 | msiexec.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEEljZgjunmDhwExSXVD8LUQ%3D | unknown | whitelisted
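The five OCSP requests that msiexec.exe (PID 1796) issued carry, in their URL path, the identity of the certificate whose revocation status was being checked: an OCSP GET encodes a DER OCSPRequest as URL-safe base64 (RFC 6960, Appendix A). The Python below is an added example, not part of the ANY.RUN report, that decodes those paths offline with a minimal DER reader and returns the CertID fields (hash algorithm, issuer name hash, issuer key hash, serial). The URLs are copied from the table above; the function and field names are the example's own.

```python
"""Decode OCSP GET URLs (RFC 6960 App. A) into CertID fields without network access.

Added example for the ANY.RUN report on Intel-Driver-and-Support-Assistant-Installer.exe;
the URLs are the ones msiexec.exe (PID 1796) requested, the helper names are assumptions.
"""
import base64
from urllib.parse import unquote, urlsplit

# Copied from the report's HTTP requests table (PID 1796, msiexec.exe).
REPORT_OCSP_URLS = [
    "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEAJ8OQEMp1rDOrXuDVQO%2BeU%3D",
    "http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D",
    "http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEQDevLVOPyKjTcl8PoK9arwe",
    "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D",
    "http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEEljZgjunmDhwExSXVD8LUQ%3D",
]

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SEQUENCE, OCTET_STRING, INTEGER = 0x30, 0x04, 0x02


def der_read(buf: bytes, pos: int = 0):
    """Read one TLV at pos and return (tag, value, next_pos); handles long-form lengths."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:end], end


def der_children(value: bytes):
    """Split the contents of a constructed value into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, inner, pos = der_read(value, pos)
        out.append((tag, inner))
    return out


def decode_oid(raw: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER body (base-128 arcs, first byte packs two arcs)."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url: str) -> dict:
    """Return the CertID of the first Request inside the OCSPRequest carried in an OCSP GET URL."""
    parts = urlsplit(url)
    der = base64.b64decode(unquote(parts.path[1:]))          # strip leading '/', undo %-escapes
    tag, ocsp_req, end = der_read(der)                        # OCSPRequest ::= SEQUENCE { tbsRequest, ... }
    if tag != SEQUENCE or end != len(der):
        raise ValueError("path is not a single DER SEQUENCE")
    tbs = der_children(ocsp_req)[0][1]                        # TBSRequest (optionalSignature ignored)
    # requestList is the first untagged SEQUENCE; [0] version / [1] requestorName may precede it.
    request_list = next(v for t, v in der_children(tbs) if t == SEQUENCE)
    request = der_children(request_list)[0][1]                # Request ::= SEQUENCE { reqCert CertID, ... }
    cert_id = der_children(request)[0][1]                     # CertID
    alg, name_hash, key_hash, serial = der_children(cert_id)[:4]
    if (alg[0], name_hash[0], key_hash[0], serial[0]) != (SEQUENCE, OCTET_STRING, OCTET_STRING, INTEGER):
        raise ValueError("unexpected CertID layout")
    oid = decode_oid(der_children(alg[1])[0][1])              # AlgorithmIdentifier.algorithm
    return {
        "responder": parts.netloc,
        "hash_algorithm": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial": serial[1].hex(),
    }


if __name__ == "__main__":
    for u in REPORT_OCSP_URLS:
        print(decode_ocsp_get(u))
```

For the ocsp.usertrust.com request the issuer key hash decodes to 5379bf5aaa2b4acf5480e1d89bc09df2b20366cb, which is the Subject Key Identifier of the USERTrust RSA Certification Authority root, and the serial 027c39010ca75ac33ab5ee0d540ef9e5 is the certificate whose status was queried under it; the third and fifth requests share one issuer key hash and differ only in serial, so they are two certificates issued by the same Sectigo CA. This is the traffic a Windows chain build produces when a signed MSI is verified, which is consistent with the "Checks Windows Trust Settings" indicator on msiexec.exe (PID 1796) and with all five responders being whitelisted; the decoded serials are what to compare against the signer's certificate if the installer's signature itself is in question.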

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1356 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1356 | svchost.exe | 2.16.164.49:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1356 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1356 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
524 | Intel-Driver-and-Support-Assistant-Installer.exe | 23.32.186.57:443 | go.microsoft.com | AKAMAI-AS | BR | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.9
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
go.microsoft.com
  • 23.32.186.57
  • 23.43.62.58
whitelisted
download.visualstudio.microsoft.com
  • 2.22.242.11
  • 2.22.242.82
whitelisted
dsadata.intel.com
  • 2.22.242.88
  • 2.22.242.137
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.sectigo.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

No threats detected
No debug info