File name: GPU-Z 2.66.0.exe

Full analysis: https://app.any.run/tasks/3aaa5362-075d-4350-bc31-b156d96a794a
Verdict: Malicious activity
Analysis date: July 14, 2025, 09:43:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
inno
installer
delphi
aida64
tool
arch-scr
arch-html
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 5B84A2D40DF4A1D561F8268B7385ECEE
SHA1: C343C67213FE74D41102745D3051FCDF7E2C03FD
SHA256: 8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B
SSDEEP: 98304:wvG8iRbXRjhDyvtnhzfO6pTixrwvIajvouw3MXhrRyhKKUXQJVUGkTw0ftG8X67q:HKe7xT/R6mtPdJCT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 7004)
    • Executable content was dropped or overwritten

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.exe (PID: 4500)
      • aida64extreme770.tmp (PID: 7004)
    • Reads security settings of Internet Explorer

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64.exe (PID: 2140)
      • aida64extreme770.tmp (PID: 5340)
    • Reads the Windows owner or organization settings

      • aida64extreme770.tmp (PID: 7004)
      • aida64.exe (PID: 2140)
    • Reads the BIOS version

      • aida64.exe (PID: 2140)
    • Searches for installed software

      • aida64.exe (PID: 2140)
    • Creates a software uninstall entry

      • aida64.exe (PID: 2140)
    • Process drops legitimate windows executable

      • aida64extreme770.tmp (PID: 7004)
    • Uses RUNDLL32.EXE to load library

      • ie4uinit.exe (PID: 6512)
    • There is functionality for taking screenshot (YARA)

      • aida64.exe (PID: 2140)
    • Write to the desktop.ini file (may be used to cloak folders)

      • aida64.exe (PID: 2140)
    • Starts application with an unusual extension

      • aida64.exe (PID: 2140)
    • Reads the date of Windows installation

      • aida64.exe (PID: 2140)
    • The process checks if it is being run in the virtual environment

      • aida64.exe (PID: 2140)
  • INFO

    • Checks supported languages

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.exe (PID: 4500)
      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
      • aida64.exe (PID: 4088)
      • aida_bench64.dll (PID: 4232)
      • aida_bench64.dll (PID: 6284)
      • aida_bench64.dll (PID: 5116)
      • aida_bench64.dll (PID: 4400)
    • Reads the computer name

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
      • aida64.exe (PID: 4088)
    • Create files in a temporary directory

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.exe (PID: 4500)
    • Checks proxy server information

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64.exe (PID: 2140)
      • slui.exe (PID: 7136)
    • The sample compiled with English language support

      • GPU-Z 2.66.0.exe (PID: 1100)
      • aida64extreme770.tmp (PID: 7004)
    • Creates files or folders in the user directory

      • GPU-Z 2.66.0.exe (PID: 1100)
    • Reads the machine GUID from the registry

      • GPU-Z 2.66.0.exe (PID: 1100)
    • Reads the software policy settings

      • GPU-Z 2.66.0.exe (PID: 1100)
      • slui.exe (PID: 7136)
    • Manual execution by a user

      • aida64extreme770.exe (PID: 4500)
      • WinRAR.exe (PID: 6296)
      • aida64.exe (PID: 3460)
      • aida64.exe (PID: 4088)
    • Process checks computer location settings

      • aida64extreme770.tmp (PID: 5340)
      • aida64.exe (PID: 2140)
    • Compiled with Borland Delphi (YARA)

      • aida64extreme770.tmp (PID: 5340)
      • aida64extreme770.tmp (PID: 7004)
      • slui.exe (PID: 7136)
      • aida_bench64.dll (PID: 4400)
      • conhost.exe (PID: 6372)
      • splwow64.exe (PID: 1468)
    • Detects InnoSetup installer (YARA)

      • aida64extreme770.tmp (PID: 5340)
      • aida64extreme770.exe (PID: 5896)
      • aida64extreme770.tmp (PID: 7004)
      • aida64extreme770.exe (PID: 4500)
    • Creates files in the program directory

      • aida64extreme770.tmp (PID: 7004)
      • aida64.exe (PID: 2140)
    • Creates a software uninstall entry

      • aida64extreme770.tmp (PID: 7004)
    • AIDA64 mutex has been found

      • aida64.exe (PID: 2140)
      • aida64.exe (PID: 4088)
    • Reads security settings of Internet Explorer

      • splwow64.exe (PID: 1468)
      • ie4uinit.exe (PID: 6512)
    • UPX packer has been detected

      • aida64.exe (PID: 2140)
    • Reads Environment values

      • aida64.exe (PID: 2140)
    • Reads CPU info

      • aida64.exe (PID: 2140)
    • Reads Windows Product ID

      • aida64.exe (PID: 2140)
    • Disables trace logs

      • aida64.exe (PID: 2140)
    • Process checks whether UAC notifications are on

      • aida64.exe (PID: 2140)
    • Reads mouse settings

      • aida64.exe (PID: 2140)
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:29 10:15:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 11206656
InitializedDataSize: 57344
UninitializedDataSize: 42303488
EntryPoint: 0x3308220
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.66.0.0
ProductVersionNumber: 2.66.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0019)
CharacterSet: Windows, Cyrillic
CompanyName: TechPowerUp (www.techpowerup.com)
FileDescription: GPU-Z - Video card Information Utility
FileVersion: 2.66.0.0
InternalName: GPU-Z.exe
LegalCopyright: (c) 2007-2025 TechPowerUp (www.techpowerup.com)
OriginalFileName: GPU-Z.exe
ProductName: GPU-Z - Video card Information Utility
ProductVersion: 2.66.0.0
All screenshots are available in the full report
Total processes: 177
Monitored processes: 25
Malicious processes: 5
Suspicious processes: 1


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1100
CMD: "C:\Users\admin\Desktop\GPU-Z 2.66.0.exe"
Path: C:\Users\admin\Desktop\GPU-Z 2.66.0.exe
Parent process: explorer.exe
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
HIGH
Description:
GPU-Z - Video card Information Utility
Exit code:
2
Version:
2.66.0.0
Modules
Images
c:\users\admin\desktop\gpu-z 2.66.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1468
CMD: C:\WINDOWS\splwow64.exe 12288
Path: C:\Windows\splwow64.exe
Parent process: aida64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Print driver host for applications
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\splwow64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2140
CMD: "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Parent process: aida64extreme770.tmp
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
HIGH
Description:
AIDA64 Extreme
Version:
7.70.7500
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2220
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: aida_bench64.dll
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2524
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: aida_bench64.dll
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 3000
CMD: C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
Path: C:\Windows\System32\rundll32.exe
Parent process: ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 3460
CMD: "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Parent process: explorer.exe
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
MEDIUM
Description:
AIDA64 Extreme
Exit code:
3221226540
Version:
7.70.7500
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 3844
CMD: C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
Path: C:\Windows\System32\rundll32.exe
Parent process: ie4uinit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 4088
CMD: "C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe"
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida64.exe
Parent process: explorer.exe
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
HIGH
Description:
AIDA64 Extreme
Exit code:
0
Version:
7.70.7500
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4232
CMD: aida_bench64.dll FinalWireBenchmarks_MTMBW
Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme\aida_bench64.dll
Parent process: aida64.exe
User:
admin
Company:
FinalWire Ltd.
Integrity Level:
HIGH
Description:
AIDA64 Benchmark Module
Exit code:
0
Version:
4.70
Modules
Images
c:\program files (x86)\finalwire\aida64 extreme\aida_bench64.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events: 31 461
Read events: 31 354
Write events: 105
Delete events: 2

Modification events

(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation: write
Name: WindowPos
Value: 415,67

(PID) Process: (1100) GPU-Z 2.66.0.exe
Key: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
Operation: write
Name: LastCardIndex
Value: 0

(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6296) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (7004) aida64extreme770.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AIDA64 Extreme_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.5 (a)
Executable files: 63
Suspicious files: 16
Text files: 97
Unknown types: 12

Dropped files

PID
Process
Filename
Type
PID: 6296
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64extreme770.exe
MD5:
SHA256:

PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: binary
MD5: 955FC01633929FA95EAFF85D4E2E9C0C
SHA256: 33FD11F60F9E30966EC0F5A86FBD788E3F77F87C3835D67160747EB374424C67

PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: der
MD5: 3D92068767E0357CA14278DF8161B77E
SHA256: 8327F87FC2CC5201FA7E9D68183F4195362FD004871423116BE840B1A561425A

PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\version_v2[1].json
Type: binary
MD5: CE9ADF1523D351F9C0A008183687698F
SHA256: CA1BD67B385AC754BD62D57FADED34BB495DE874BBEAFCF7F3534BD9E833B90D

PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: binary
MD5: 1C58F3B7CF408F48C12BA374516BF365
SHA256: 6FCA8960659D794CFAF7380D366E57C51DBE3F6165197F6C223D42B2CFEAFCF9

PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F649BE5F074D767215B12950C48C907C
Type: der
MD5: EEA38F3D0A5EC778C1D6D2C7AB729D75
SHA256: 8888F2DD73D94C7241EF84264F1738F238D6091D6AAE3B18CC14C75B136D758B

PID: 1100
Process: GPU-Z 2.66.0.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
Type: der
MD5: 20FDCD92B9CB1883A690D5182497E645
SHA256: 13AF1C63450EEB38071E026332E1A911DE95474E3B168C64563FF97BCA71A430

PID: 6296
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\pkey.txt
Type: text
MD5: 21B713F1D247E9107BCFA3F5FBD90123
SHA256: AB7C358EEE4B906101532E105159CC019019300E5E92961A51336823E9008532

PID: 6296
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\aida.64extreme.7.70\aida.64extreme.7.70\aida64.ini
Type: text
MD5: 2443EF30159A77B7AF75F9773CDFEFD0
SHA256: 28640F0A034680861668D13353C18FFA94B3AE41CD947CE40A2D02B28414F376

PID: 7004
Process: aida64extreme770.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-STS3E.tmp\wp_100.bmp
Type: image
MD5: EEE6E79C8ADFE1F63DB6C43BD64BDF42
SHA256: 28FEE14BC15EF390F1C9D6E6F9476D66D0E5FEB762B172C10895A881780FD787
HTTP(S) requests: 10
TCP/UDP connections: 33
DNS requests: 27
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1100
GPU-Z 2.66.0.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
whitelisted
1100
GPU-Z 2.66.0.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.110.193:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1100
GPU-Z 2.66.0.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D
unknown
whitelisted
2144
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2144
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2940
svchost.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
5988
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
2876
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5504
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1100
GPU-Z 2.66.0.exe
216.158.237.92:443
www.gpu-z.com
IS-AS-1
US
unknown
1100
GPU-Z 2.66.0.exe
172.64.149.23:80
ocsp.comodoca.com
CLOUDFLARENET
US
whitelisted
1100
GPU-Z 2.66.0.exe
104.18.38.233:80
ocsp.comodoca.com
CLOUDFLARENET
whitelisted
1268
svchost.exe
13.71.55.58:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IN
whitelisted
1268
svchost.exe
23.55.110.193:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 13.71.55.58
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 142.250.181.238
whitelisted
www.gpu-z.com
  • 216.158.237.92
unknown
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
ocsp.sectigo.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
crl.microsoft.com
  • 23.55.110.193
  • 23.55.110.211
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
login.live.com
  • 40.126.31.0
  • 20.190.159.73
  • 20.190.159.131
  • 20.190.159.0
  • 40.126.31.69
  • 40.126.31.3
  • 40.126.31.130
  • 20.190.159.64
  • 20.190.160.67
  • 40.126.32.138
  • 20.190.160.14
  • 20.190.160.132
  • 40.126.32.76
  • 40.126.32.74
  • 40.126.32.68
  • 20.190.160.64
whitelisted
ocsp.digicert.com
  • 184.30.131.245
  • 2.17.190.73
whitelisted

Threats

No threats detected
Process
Message
GPU-Z 2.66.0.exe
in CXCrashHandler
GPU-Z 2.66.0.exe
in ~CXCrashHandler