File name:

GPU-Z 2.66.0.exe

Full analysis: https://app.any.run/tasks/3aaa5362-075d-4350-bc31-b156d96a794a
Verdict: Malicious activity
Analysis date: July 14, 2025, 09:43:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
aida64
tool
arch-scr
arch-html
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5:

5B84A2D40DF4A1D561F8268B7385ECEE

SHA1:

C343C67213FE74D41102745D3051FCDF7E2C03FD

SHA256:

8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B

SSDEEP:

98304:wvG8iRbXRjhDyvtnhzfO6pTixrwvIajvouw3MXhrRyhKKUXQJVUGkTw0ftG8X67q:HKe7xT/R6mtPdJCT

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 7004)
    • Executable content was dropped or overwritten

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.exe (PID: 4500)
      • aida64extreme770.tmp (PID: 7004)
    • Reads security settings of Internet Explorer

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
    • Reads the Windows owner or organization settings

      • aida64extreme770.tmp (PID: 7004)
      • aida64.exe (PID: 2140)
    • Process drops legitimate windows executable

      • aida64extreme770.tmp (PID: 7004)
    • Creates a software uninstall entry

      • aida64.exe (PID: 2140)
    • Searches for installed software

      • aida64.exe (PID: 2140)
    • Reads the BIOS version

      • aida64.exe (PID: 2140)
    • Uses RUNDLL32.EXE to load library

      • ie4uinit.exe (PID: 6512)
    • There is functionality for taking screenshots (YARA)

      • aida64.exe (PID: 2140)
    • Reads the date of Windows installation

      • aida64.exe (PID: 2140)
    • The process checks if it is being run in a virtual environment

      • aida64.exe (PID: 2140)
    • Writes to the desktop.ini file (may be used to cloak folders)

      • aida64.exe (PID: 2140)
    • Starts application with an unusual extension

      • aida64.exe (PID: 2140)
  • INFO

    • The sample was compiled with English language support

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 7004)
    • Reads the computer name

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
      • aida64.exe (PID: 4088)
    • Checks supported languages

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.exe (PID: 4500)
      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
      • aida64.exe (PID: 4088)
      • aida_bench64.dll (PID: 6284)
      • aida_bench64.dll (PID: 5116)
      • aida_bench64.dll (PID: 4232)
      • aida_bench64.dll (PID: 4400)
    • Creates files in a temporary directory

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.exe (PID: 4500)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.tmp (PID: 7004)
    • Creates files or folders in the user directory

      • GPU-Z 2.66.0.exe (PID: 1100)
    • Checks proxy server information

      • GPU-Z 2.66.0.exe (PID: 1100)
      • slui.exe (PID: 7136)
      • aida64.exe (PID: 2140)
    • Reads the software policy settings

      • GPU-Z 2.66.0.exe (PID: 1100)
      • slui.exe (PID: 7136)
    • Reads the machine GUID from the registry

      • GPU-Z 2.66.0.exe (PID: 1100)
    • Manual execution by a user

      • WinRAR.exe (PID: 6296)
      • aida64extreme770.exe (PID: 4500)
      • aida64.exe (PID: 3460)
      • aida64.exe (PID: 4088)
    • Process checks computer location settings

      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
    • Creates files in the program directory

      • aida64extreme770.tmp (PID: 7004)
      • aida64.exe (PID: 2140)
    • Detects InnoSetup installer (YARA)

      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.tmp (PID: 5340)
      • aida64extreme770.exe (PID: 4500)
    • Compiled with Borland Delphi (YARA)

      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.tmp (PID: 5340)
      • slui.exe (PID: 7136)
      • aida_bench64.dll (PID: 4400)
      • splwow64.exe (PID: 1468)
      • conhost.exe (PID: 6372)
    • Creates a software uninstall entry

      • aida64extreme770.tmp (PID: 7004)
    • AIDA64 mutex has been found

      • aida64.exe (PID: 2140)
      • aida64.exe (PID: 4088)
    • Reads security settings of Internet Explorer

      • ie4uinit.exe (PID: 6512)
      • splwow64.exe (PID: 1468)
    • Reads CPU info

      • aida64.exe (PID: 2140)
    • UPX packer has been detected

      • aida64.exe (PID: 2140)
    • Reads Environment values

      • aida64.exe (PID: 2140)
    • Reads Windows Product ID

      • aida64.exe (PID: 2140)
    • Reads mouse settings

      • aida64.exe (PID: 2140)
    • Process checks whether UAC notifications are on

      • aida64.exe (PID: 2140)
    • Disables trace logs

      • aida64.exe (PID: 2140)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:29 10:15:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 11206656
InitializedDataSize: 57344
UninitializedDataSize: 42303488
EntryPoint: 0x3308220
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.66.0.0
ProductVersionNumber: 2.66.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0019)
CharacterSet: Windows, Cyrillic
CompanyName: TechPowerUp (www.techpowerup.com)
FileDescription: GPU-Z - Video card Information Utility
FileVersion: 2.66.0.0
InternalName: GPU-Z.exe
LegalCopyright: (c) 2007-2025 TechPowerUp (www.techpowerup.com)
OriginalFileName: GPU-Z.exe
ProductName: GPU-Z - Video card Information Utility
ProductVersion: 2.66.0.0
No data.
All screenshots are available in the full report
Total processes
177
Monitored processes
25
Malicious processes
5
Suspicious processes
1

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1100
CMD: "C:\Users\admin\Desktop\GPU-Z 2.66.0.exe"
Path: C:\Users\admin\Desktop\GPU-Z 2.66.0.exe
Parent process: explorer.exe
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
HIGH
Description:
GPU-Z - Video card Information Utility
Exit code:
2
Version:
2.66.0.0
Modules
Images
c:\users\admin\desktop\gpu-z 2.66.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1468
CMD: C:\WINDOWS\splwow64.exe 12288
Path: C:\Windows\splwow64.exe
Parent process: aida64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Print driver host for applications
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\splwow64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2140
CMD: "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Parent process: aida64extreme770.tmp
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
HIGH
Description:
AIDA64 Extreme
Version:
7.70.7500
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2220
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: aida_bench64.dll
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2524
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: aida_bench64.dll
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3000
CMD: C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
Path: C:\Windows\System32\rundll32.exe
Parent process: ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 3460
CMD: "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Parent process: explorer.exe
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
MEDIUM
Description:
AIDA64 Extreme
Exit code:
3221226540
Version:
7.70.7500
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 3844
CMD: C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
Path: C:\Windows\System32\rundll32.exe
Parent process: ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 4088
CMD: "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Parent process: explorer.exe
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
HIGH
Description:
AIDA64 Extreme
Exit code:
0
Version:
7.70.7500
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4232
CMD: aida_bench64.dll FinalWireBenchmarks_MTMBW
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
Parent process: aida64.exe
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
HIGH
Description:
AIDA64 Benchmark Module
Exit code:
0
Version:
4.70
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida_bench64.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
31 461
Read events
31 354
Write events
105
Delete events
2

Modification events

(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation: write
Name: WindowPos
Value: 415,67
(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation: write
Name: LastCardIndex
Value: 0
(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120
(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80
(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
(PID) Process: (7004) aida64extreme770.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AIDA64 Extreme_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.5 (a)
Executable files
63
Suspicious files
16
Text files
97
Unknown types
12

Dropped files

PID
Process
Filename
Type
PID: 6296
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe
Type:
MD5:
SHA256:
PID: 6296
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\КАК АКТИВИРОВАТЬ!!!.txt
Type: text
MD5: 11BB4F6C20F11EA41022E64CC268E8C2
SHA256: CD7C7D7CD0501D64684853D10478824E896FA3AD42363A595B7EC28C2E9EEBDF
PID: 7004
Process: aida64extreme770.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-STS3E.tmp\_isetup\_setup64.tmp
Type: executable
MD5: 526426126AE5D326D0A24706C77D8C5C
SHA256: B20A8D88C550981137ED831F2015F5F11517AEB649C29642D9D61DEA5EBC37D1
PID: 4500
Process: aida64extreme770.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-D9A7C.tmp\aida64extreme770.tmp
Type: executable
MD5: B40EFA2A563C284FFB737E36763FE9B2
SHA256: BE2CB171F3BFEA4CE993F657A53DE113A2EAF12D709C20CB2B996E2878E8D3F3
PID: 7004
Process: aida64extreme770.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-STS3E.tmp\wp_100.bmp
Type: image
MD5: EEE6E79C8ADFE1F63DB6C43BD64BDF42
SHA256: 28FEE14BC15EF390F1C9D6E6F9476D66D0E5FEB762B172C10895A881780FD787
PID: 7004
Process: aida64extreme770.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-STS3E.tmp\_isetup\_shfoldr.dll
Type: executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
PID: 7004
Process: aida64extreme770.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-STS3E.tmp\ios_100.bmp
Type: image
MD5: 44DFCC45FB934DA6782168F6C03F00A4
SHA256: 1CEA5F212804A6AF116773B6FA70E03271951BC5CEE76B4367C0E58B9F021B5E
PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\version_v2[1].json
Type: binary
MD5: CE9ADF1523D351F9C0A008183687698F
SHA256: CA1BD67B385AC754BD62D57FADED34BB495DE874BBEAFCF7F3534BD9E833B90D
PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: der
MD5: 3D92068767E0357CA14278DF8161B77E
SHA256: 8327F87FC2CC5201FA7E9D68183F4195362FD004871423116BE840B1A561425A
PID: 7004
Process: aida64extreme770.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-STS3E.tmp\sfos1_100.bmp
Type: image
MD5: 61FD6D4939897C4CEF4AFC948EEE1449
SHA256: 340388C7AB5812C29134E60FC0778F5833735A7E99CF571CDCCFDB6141D699CD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
33
DNS requests
27
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1100
GPU-Z 2.66.0.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
whitelisted
1100
GPU-Z 2.66.0.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
whitelisted
1100
GPU-Z 2.66.0.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2144
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2144
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2940
svchost.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
5988
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
2876
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5504
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1100
GPU-Z 2.66.0.exe
216.158.237.92:443
www.gpu-z.com
IS-AS-1
US
unknown
1100
GPU-Z 2.66.0.exe
172.64.149.23:80
ocsp.comodoca.com
CLOUDFLARENET
US
whitelisted
1100
GPU-Z 2.66.0.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
whitelisted
1268
svchost.exe
13.71.55.58:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IN
whitelisted
1268
svchost.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 13.71.55.58
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.gpu-z.com
  • 216.158.237.92
unknown
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.sectigo.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
crl.microsoft.com
  • 23.55.110.193
  • 23.55.110.211
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
login.live.com
whitelisted
ocsp.digicert.com
  • 184.30.131.245
  • 2.17.190.73
whitelisted

Threats

No threats detected
Process
Message
GPU-Z 2.66.0.exe
in CXCrashHandler
GPU-Z 2.66.0.exe
in ~CXCrashHandler