File name: GPU-Z 2.66.0.exe
Full analysis: https://app.any.run/tasks/4fb7cf19-8340-4ab3-a52b-cd445fe924ff
Verdict: Malicious activity
Analysis date: July 14, 2025, 07:07:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: upx, hwinfo, tool, antivm
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
MD5: 5B84A2D40DF4A1D561F8268B7385ECEE
SHA1: C343C67213FE74D41102745D3051FCDF7E2C03FD
SHA256: 8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B
SSDEEP: 98304:wvG8iRbXRjhDyvtnhzfO6pTixrwvIajvouw3MXhrRyhKKUXQJVUGkTw0ftG8X67q:HKe7xT/R6mtPdJCT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • gpuz_installer.exe (PID: 3872)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • GPU-Z 2.66.0.exe (PID: 6716)
      • gpuz_installer.exe (PID: 3872)
      • gpuz_installer.tmp (PID: 2696)
      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5416)
      • HWiNFO64.exe (PID: 3720)
    • Reads the Windows owner or organization settings

      • gpuz_installer.tmp (PID: 2696)
    • There is functionality for taking screenshot (YARA)

      • GPU-Z 2.66.0.exe (PID: 6716)
      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5416)
    • Reads security settings of Internet Explorer

      • gpuz_installer.tmp (PID: 2696)
      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5416)
      • HWiNFOPortable64Shim.exe (PID: 3588)
    • Drops a system driver (possible attempt to evade defenses)

      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFO64.exe (PID: 3720)
    • The process creates files with name similar to system file names

      • HWiNFOPortable.exe (PID: 5416)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • HWiNFOPortable.exe (PID: 5416)
    • Reads the BIOS version

      • HWiNFO64.exe (PID: 3720)
    • The process checks if it is being run in the virtual environment

      • HWiNFO64.exe (PID: 3720)
    • There is functionality for VM detection antiVM strings (YARA)

      • HWiNFO64.exe (PID: 3720)
  • INFO

    • Checks supported languages

      • GPU-Z 2.66.0.exe (PID: 6716)
      • gpuz_installer.exe (PID: 3872)
      • gpuz_installer.tmp (PID: 2696)
      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5060)
      • HWiNFOPortable64Shim.exe (PID: 3588)
      • HWiNFO64.exe (PID: 3720)
      • HWiNFOPortable.exe (PID: 5416)
    • Create files in a temporary directory

      • gpuz_installer.exe (PID: 3872)
      • GPU-Z 2.66.0.exe (PID: 6716)
      • gpuz_installer.tmp (PID: 2696)
      • GPU-Z.exe (PID: 1296)
      • GPU-Z.exe (PID: 3564)
      • HWiNFOPortable.exe (PID: 5060)
      • HWiNFOPortable.exe (PID: 5416)
      • HWiNFO64.exe (PID: 3720)
    • Reads the computer name

      • GPU-Z 2.66.0.exe (PID: 6716)
      • gpuz_installer.tmp (PID: 2696)
      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5060)
      • HWiNFOPortable.exe (PID: 5416)
      • HWiNFOPortable64Shim.exe (PID: 3588)
      • HWiNFO64.exe (PID: 3720)
    • Creates files in the program directory

      • gpuz_installer.tmp (PID: 2696)
      • HWiNFOPortable.exe (PID: 5416)
    • UPX packer has been detected

      • GPU-Z 2.66.0.exe (PID: 6716)
      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • HWiNFO64.exe (PID: 3720)
    • Creates a software uninstall entry

      • gpuz_installer.tmp (PID: 2696)
    • Process checks computer location settings

      • gpuz_installer.tmp (PID: 2696)
      • HWiNFOPortable64Shim.exe (PID: 3588)
    • The sample compiled with english language support

      • GPU-Z.exe (PID: 3564)
      • WinRAR.exe (PID: 728)
      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5416)
      • HWiNFO64.exe (PID: 3720)
    • Checks proxy server information

      • GPU-Z.exe (PID: 3564)
      • slui.exe (PID: 1752)
      • GPU-Z.exe (PID: 1296)
    • Creates files or folders in the user directory

      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
    • Reads the software policy settings

      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
      • slui.exe (PID: 1752)
    • Reads the machine GUID from the registry

      • GPU-Z.exe (PID: 3564)
      • GPU-Z.exe (PID: 1296)
    • Manual execution by a user

      • GPU-Z.exe (PID: 1296)
      • HWiNFOPortable.exe (PID: 5060)
      • HWiNFOPortable.exe (PID: 3028)
      • WinRAR.exe (PID: 728)
      • HWiNFOPortable.exe (PID: 6368)
      • HWiNFOPortable.exe (PID: 5416)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 728)
    • Reads CPU info

      • HWiNFO64.exe (PID: 3720)
    • HWINFO mutex has been found

      • HWiNFO64.exe (PID: 3720)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:05:29 10:15:59+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 11206656
InitializedDataSize: 57344
UninitializedDataSize: 42303488
EntryPoint: 0x3308220
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 2.66.0.0
ProductVersionNumber: 2.66.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0019) (LANGID 0x0019 is Russian, consistent with the Cyrillic CharacterSet below; compare against a known-good vendor copy when verifying the file)
CharacterSet: Windows, Cyrillic
CompanyName: TechPowerUp (www.techpowerup.com)
FileDescription: GPU-Z - Video card Information Utility
FileVersion: 2.66.0.0
InternalName: GPU-Z.exe
LegalCopyright: (c) 2007-2025 TechPowerUp (www.techpowerup.com)
OriginalFileName: GPU-Z.exe
ProductName: GPU-Z - Video card Information Utility
ProductVersion: 2.66.0.0
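The Indicators block gives the three file hashes and the EXIF block gives the PE header fields; together they are what an offline first pass over the binary checks. The Python below is an added example, not part of the ANY.RUN report: it parses a PE section table, names the section that contains the entry point, and flags the UPX layout behind the report's "UPX compressed, 3 sections" and "UPX packer has been detected" (a first section, UPX0, with zero bytes on disk but a large virtual size that the stub in UPX1 unpacks into, with the entry point sitting inside UPX1). The real sample is not available here, so the demo input is a header-only PE32 whose optional-header fields are taken from the EXIF values on this page (CodeSize 0xAB0000 = 11206656, InitializedDataSize 0xE000 = 57344, UninitializedDataSize 0x2858000 = 42303488, EntryPoint 0x3308220); the section names, RVAs and characteristics are assumptions chosen to make those numbers consistent, not bytes from the sample. Given a path on the command line it parses that file instead.

```python
"""Added PE triage helper (not part of the ANY.RUN report).
Parses the section table, locates the entry point and flags the UPX layout.
The demo input is a header-only PE32 reconstructed from this report's EXIF
fields; its section names, RVAs and flags are assumptions, not sample bytes."""
import hashlib
import struct
import sys
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    vaddr: int
    vsize: int
    rawsize: int
    characteristics: int


@dataclass
class PEInfo:
    machine: int
    magic: int          # 0x10B = PE32, 0x20B = PE32+
    entry_point: int    # AddressOfEntryPoint, an RVA
    sections: list


def parse_pe(data: bytes) -> PEInfo:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    table = opt + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, _ptr, _rel, _lin, _nrel, _nlin, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawsize, flags))
    return PEInfo(machine, magic, entry, sections)


def section_for_rva(info: PEInfo, rva: int):
    for s in info.sections:
        if s.vaddr <= rva < s.vaddr + max(s.vsize, s.rawsize):
            return s.name
    return None


def upx_indicators(info: PEInfo) -> dict:
    """UPX0 has no bytes on disk but a large virtual size (the unpack target); the
    entry point is the decompressor stub near the end of UPX1. Renamed sections
    keep that shape, so the layout test does not depend on the names."""
    names = [s.name for s in info.sections]
    entry_sec = section_for_rva(info, info.entry_point)
    first = info.sections[0]
    hollow_first = first.rawsize == 0 and first.vsize > 0
    return {
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "entry_section": entry_sec,
        "entry_in_packer_section": bool(entry_sec) and entry_sec.upper().startswith("UPX"),
        "first_section_hollow": hollow_first,
        "likely_packed": hollow_first and entry_sec not in (None, names[0]),
    }


def file_hashes(data: bytes) -> dict:
    """The three digests the report lists, upper-case hex like the report."""
    return {a: getattr(hashlib, a)(data).hexdigest().upper() for a in ("md5", "sha1", "sha256")}


def build_demo_pe() -> bytes:
    """Header-only PE32 carrying the report's CodeSize (0xAB0000), InitializedDataSize (0xE000),
    UninitializedDataSize (0x2858000) and EntryPoint (0x3308220). Section layout is assumed."""
    specs = [("UPX0", 0x1000, 0x2858000, 0, 0xE0000080),         # name, RVA, vsize, raw size, flags
             ("UPX1", 0x2859000, 0xAB0000, 0xAB0000, 0xE0000040),
             (".rsrc", 0x3309000, 0xE000, 0xE000, 0xC0000040)]
    opt_size = 0xE0                                               # standard PE32 optional header
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<IIII", opt, 4, 0xAB0000, 0xE000, 0x2858000, 0x3308220)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, rs, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, rs, fl in specs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe()
    info = parse_pe(blob)
    print(file_hashes(blob))
    for s in info.sections:
        print(f"{s.name:8} rva={s.vaddr:#010x} vsize={s.vsize:#010x} raw={s.rawsize:#010x}")
    print(upx_indicators(info))
```

With the real file, compare file_hashes() against the report's MD5/SHA1/SHA256 before anything else: a match means you hold the same bytes the sandbox ran, whereas the version-resource strings (CompanyName, ProductName) are free-form and prove nothing on their own. Once the UPX layout is confirmed, `upx -d` recovers the original image for static analysis.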
No data.
All screenshots are available in the full report
Total processes: 174
Monitored processes: 16
Malicious processes: 1
Suspicious processes: 4

Behavior graph

Processes in the graph (root first; repeated names are separate instances):
gpu-z 2.66.0.exe, gpuz_installer.exe, gpuz_installer.tmp, gpu-z.exe, gpu-z.exe, slui.exe, hwinfoportable.exe, hwinfoportable.exe, winrar.exe, rundll32.exe, hwinfoportable.exe, hwinfoportable.exe, hwinfoportable64shim.exe, hwinfo64.exe, hwinfo64.exe, gpu-z 2.66.0.exe

Process information

Each entry: PID, command line (CMD), image path, parent process, then the per-process metadata and first loaded modules recorded by the sandbox.

PID: 728
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\HWiNFO.rar" C:\Users\admin\Desktop\HWiNFO\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1296
CMD: "C:\Program Files (x86)\GPU-Z\GPU-Z.exe"
Path: C:\Program Files (x86)\GPU-Z\GPU-Z.exe
Parent process: explorer.exe
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
HIGH
Description:
GPU-Z - Video card Information Utility
Exit code:
2
Version:
2.66.0.0
Modules
Images
c:\program files (x86)\gpu-z\gpu-z.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1752
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2696
CMD: "C:\Users\admin\AppData\Local\Temp\is-5GLTO.tmp\gpuz_installer.tmp" /SL5="$60252,832512,832512,C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-5GLTO.tmp\gpuz_installer.tmp
Parent process: gpuz_installer.exe
User:
admin
Company:
TechPowerUp
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-5glto.tmp\gpuz_installer.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 3028
CMD: "C:\Users\admin\Desktop\HWiNFOPortable.exe"
Path: C:\Users\admin\Desktop\HWiNFOPortable.exe
Parent process: explorer.exe
User:
admin
Company:
LRepacks
Integrity Level:
MEDIUM
Description:
HWiNFO Portable Launcher
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch could not proceed without elevation; a later instance, PID 5416, is the one that creates files under Program Files)
Version:
2.2.1.1
Modules
Images
c:\users\admin\desktop\hwinfoportable.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 3288
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 3564
CMD: "C:\Program Files (x86)\GPU-Z\GPU-Z.exe"
Path: C:\Program Files (x86)\GPU-Z\GPU-Z.exe
Parent process: gpuz_installer.tmp
User:
admin
Company:
TechPowerUp (www.techpowerup.com)
Integrity Level:
HIGH
Description:
GPU-Z - Video card Information Utility
Exit code:
0
Version:
2.66.0.0
Modules
Images
c:\program files (x86)\gpu-z\gpu-z.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3588
CMD: "C:\Users\admin\Desktop\HWiNFO\HWiNFO\App\HWiNFO\HWiNFOPortable64Shim.exe"
Path: C:\Users\admin\Desktop\HWiNFO\HWiNFO\App\HWiNFO\HWiNFOPortable64Shim.exe
Parent process: HWiNFOPortable.exe
User:
admin
Company:
PortableApps.com
Integrity Level:
HIGH
Description:
HWiNFO Portable 64 Shim
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\hwinfo\hwinfo\app\hwinfo\hwinfoportable64shim.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3720
CMD: "C:\Program Files\HWiNFOPortableTemp\HWiNFO64.exe"
Path: C:\Program Files\HWiNFOPortableTemp\HWiNFO64.exe
Parent process: HWiNFOPortable64Shim.exe
User:
admin
Company:
REALiX s.r.o.
Integrity Level:
HIGH
Description:
HWiNFO® 64 (x64)
Version:
8.28-5770
Modules
Images
c:\program files\hwinfoportabletemp\hwinfo64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 3872
CMD: "C:\Users\admin\AppData\Local\Temp\\gpuz_installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe
Parent process: GPU-Z 2.66.0.exe
User:
admin
Company:
TechPowerUp
Integrity Level:
HIGH
Description:
TechPowerUp GPU-Z Setup
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\gpuz_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
Total events: 4 871
Read events: 4 831
Write events: 40
Delete events: 0

Modification events

PID 2696 gpuz_installer.tmp, write: HKEY_CURRENT_USER\SOFTWARE\techPowerUp\GPU-Z
  Install_Dir = C:\Program Files (x86)\GPU-Z
PID 2696 gpuz_installer.tmp, write: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1
  Inno Setup: Setup Version = 6.2.2
  Inno Setup: App Path = C:\Program Files (x86)\GPU-Z
  InstallLocation = C:\Program Files (x86)\GPU-Z\
  Inno Setup: Icon Group = (Default)
  Inno Setup: User = admin
  Inno Setup: Selected Tasks = desktopicon
  Inno Setup: Deselected Tasks = (empty value)
  Inno Setup: Language = en
  DisplayName = TechPowerUp GPU-Z
Executable files: 18
Suspicious files: 11
Text files: 18
Unknown types: 6

Dropped files

Each entry: PID, process: filename (type), followed by the file's MD5 and SHA256.

PID 6716, GPU-Z 2.66.0.exe: C:\Users\admin\AppData\Local\Temp\GPU-Z.exe (executable)
MD5: 5B84A2D40DF4A1D561F8268B7385ECEE
SHA256: 8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B
PID 3564, GPU-Z.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\version_v2[1].json (binary)
MD5: CE9ADF1523D351F9C0A008183687698F
SHA256: CA1BD67B385AC754BD62D57FADED34BB495DE874BBEAFCF7F3534BD9E833B90D
PID 2696, gpuz_installer.tmp: C:\Program Files (x86)\GPU-Z\is-8CJ70.tmp (executable)
MD5: BE3DDA48E9454C6AB683272E3FBE2A5D
SHA256: 46631D2343FA72953D68F00FCA08DEA6BEF027EA6ED494260D658576A79568C1
PID 2696, gpuz_installer.tmp: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk (lnk)
MD5: 8050EC590043E63C40547069080F1A91
SHA256: 95FE91F10045B43636114CDE31660D8FFD387F30E55F09983A3068EF5CDF551F
PID 2696, gpuz_installer.tmp: C:\Program Files (x86)\GPU-Z\is-R2LKO.tmp (executable)
MD5: 5B84A2D40DF4A1D561F8268B7385ECEE
SHA256: 8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B
PID 2696, gpuz_installer.tmp: C:\Program Files (x86)\GPU-Z\unins000.dat (dat)
MD5: CCBA74AA9C50C94F831D2F75A7D001B2
SHA256: 56E663904B15FCE6A2225AF4E5E60E3E68C2D71BA9F6D6D6DA493C4830D5D20B
PID 3564, GPU-Z.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E (der)
MD5: 3D92068767E0357CA14278DF8161B77E
SHA256: 8327F87FC2CC5201FA7E9D68183F4195362FD004871423116BE840B1A561425A
PID 2696, gpuz_installer.tmp: C:\Users\Public\Desktop\TechPowerUp GPU-Z.lnk (lnk)
MD5: 86415B6F27070686FE6E8035FEC7AAD9
SHA256: C7E6D378EEB1B20F90D96B81C675DEBE350C8BF83536162C28B46E94FEDEAD15
PID 3564, GPU-Z.exe: C:\Users\admin\AppData\Local\Temp\GPU-Z-v2.sys (executable)
MD5: D4320487BF3021F2F2AFCFC43D652A69
SHA256: 9AF0B89C5C54EB66E5A660B61AEE7C1A25B1C92E20A310D8B16552ABCF90C0B5
PID 3564, GPU-Z.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D (der)
MD5: 20FDCD92B9CB1883A690D5182497E645
SHA256: 13AF1C63450EEB38071E026332E1A911DE95474E3B168C64563FF97BCA71A430
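Two things about the verdict are worth stating before the dropped-file and process records are turned into rules. First, the report's only MALICIOUS-tier signature is "Executing a file with an untrusted certificate" on gpuz_installer.exe (PID 3872); the report does not say why the chain failed to validate, so that verdict needs an independent Authenticode check of the file before it is acted on. Second, most of the SUSPICIOUS-tier items (driver drop, BIOS read, VM checks, System.dll in Temp) are what hardware-information tools do by design, and several of them belong to HWiNFO64.exe and HWiNFOPortable.exe, which were extracted with WinRAR and launched by hand in the same session ("Manual execution by a user"), not to the submitted sample. What the hashes above do establish is that the submitted file writes an unchanged copy of itself to Temp\GPU-Z.exe (same SHA256 as the sample), that the Inno Setup installer places that same binary in Program Files (is-R2LKO.tmp), and that GPU-Z.exe then writes a kernel driver, GPU-Z-v2.sys, into the user's Temp folder. The Python below is an added triage pass over those records (its rule names are this example's own, not ANY.RUN's signatures): it flags executables written to Temp, .sys files outside System32\drivers, drops whose hash equals the sample, HIGH-integrity processes running from Temp, and the HWiNFOPortable.exe exit code 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED). The records are transcribed from the tables on this page; the parent-chain walk matches on image name because the report gives parent names rather than parent PIDs.

```python
"""Added triage pass over this report's process and dropped-file records.
Not ANY.RUN's signature engine: the rule names are this example's own and the
records below are transcribed from the report's tables."""
from dataclasses import dataclass

SAMPLE_SHA256 = "8C9C0ABA50E5C6A393C3D701A1A3B138195AD0D3CE589C9ECA1469920FC3172B"
STATUS_ELEVATION_REQUIRED = 0xC000042C   # NTSTATUS behind exit code 3221226540


@dataclass(frozen=True)
class Drop:
    pid: int
    process: str
    path: str
    ftype: str
    sha256: str = ""


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    integrity: str
    parent: str          # the report names the parent image, not its PID
    exit_code: int = 0


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    path: str


DROPS = [  # from the "Dropped files" table
    Drop(6716, "GPU-Z 2.66.0.exe", r"C:\Users\admin\AppData\Local\Temp\GPU-Z.exe", "executable", SAMPLE_SHA256),
    Drop(3564, "GPU-Z.exe", r"C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\version_v2[1].json", "binary"),
    Drop(2696, "gpuz_installer.tmp", r"C:\Program Files (x86)\GPU-Z\is-8CJ70.tmp", "executable",
         "46631D2343FA72953D68F00FCA08DEA6BEF027EA6ED494260D658576A79568C1"),
    Drop(2696, "gpuz_installer.tmp", r"C:\Program Files (x86)\GPU-Z\is-R2LKO.tmp", "executable", SAMPLE_SHA256),
    Drop(2696, "gpuz_installer.tmp", r"C:\Program Files (x86)\GPU-Z\unins000.dat", "dat"),
    Drop(2696, "gpuz_installer.tmp", r"C:\Users\Public\Desktop\TechPowerUp GPU-Z.lnk", "lnk"),
    Drop(3564, "GPU-Z.exe", r"C:\Users\admin\AppData\Local\Temp\GPU-Z-v2.sys", "executable",
         "9AF0B89C5C54EB66E5A660B61AEE7C1A25B1C92E20A310D8B16552ABCF90C0B5"),
]
PROCS = [  # from the "Process information" table
    Proc(3872, r"C:\Users\admin\AppData\Local\Temp\gpuz_installer.exe", "HIGH", "GPU-Z 2.66.0.exe"),
    Proc(2696, r"C:\Users\admin\AppData\Local\Temp\is-5GLTO.tmp\gpuz_installer.tmp", "HIGH", "gpuz_installer.exe"),
    Proc(3564, r"C:\Program Files (x86)\GPU-Z\GPU-Z.exe", "HIGH", "gpuz_installer.tmp"),
    Proc(1296, r"C:\Program Files (x86)\GPU-Z\GPU-Z.exe", "HIGH", "explorer.exe", 2),
    Proc(3028, r"C:\Users\admin\Desktop\HWiNFOPortable.exe", "MEDIUM", "explorer.exe", 3221226540),
    Proc(3720, r"C:\Program Files\HWiNFOPortableTemp\HWiNFO64.exe", "HIGH", "HWiNFOPortable64Shim.exe"),
]


def in_temp(path: str) -> bool:
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p


def triage_drops(drops, sample_sha256):
    """Executables in Temp, drivers outside the driver store, and copies of the sample itself."""
    out = []
    for d in drops:
        low = d.path.lower()
        if d.ftype == "executable" and in_temp(d.path):
            out.append(Finding("exe-in-temp", d.pid, d.path))
        if low.endswith(".sys") and "\\windows\\system32\\drivers\\" not in low:
            out.append(Finding("driver-outside-drivers-dir", d.pid, d.path))
        if d.sha256 and d.sha256.upper() == sample_sha256.upper():
            out.append(Finding("self-copy", d.pid, d.path))
    return out


def triage_processes(procs):
    """Elevated processes running from Temp, and launches that ended in STATUS_ELEVATION_REQUIRED."""
    out = []
    for p in procs:
        if p.integrity == "HIGH" and in_temp(p.image):
            out.append(Finding("elevated-from-temp", p.pid, p.image))
        if p.exit_code == STATUS_ELEVATION_REQUIRED:
            out.append(Finding("elevation-required", p.pid, p.image))
    return out


def lineage(procs, pid):
    """Walk parent names back to the root. Name-based, so an approximation when names repeat."""
    by_name = {p.image.rsplit("\\", 1)[-1].lower(): p for p in procs}
    cur = next(p for p in procs if p.pid == pid)
    chain, seen = [cur.image.rsplit("\\", 1)[-1]], {cur.pid}
    while True:
        chain.append(cur.parent)
        parent = by_name.get(cur.parent.lower())
        if parent is None or parent.pid in seen:
            return chain
        seen.add(parent.pid)
        cur = parent


def rules_for_path(findings, path):
    return sorted(f.rule for f in findings if f.path == path)


if __name__ == "__main__":
    for f in triage_drops(DROPS, SAMPLE_SHA256) + triage_processes(PROCS):
        print(f"{f.rule:28} pid={f.pid:<5} {f.path}")
    print(" <- ".join(lineage(PROCS, 3564)))
```

The driver finding is the one to pursue: the hash of GPU-Z-v2.sys (9AF0B89C...C0C0B5 above) should be checked against the vendor's published driver and against Microsoft's vulnerable driver blocklist before the report's "possible attempt to evade defenses" wording is taken at face value, because a legitimately signed hardware-access driver staged in Temp and an abusable one look identical in a dropped-files table.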
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 36
DNS requests: 26
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP:port | URL | CN | Reputation
1268 | svchost.exe | GET | 200 | 23.216.77.28:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1268 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2148 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
3564 | GPU-Z.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | whitelisted
3564 | GPU-Z.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | whitelisted
3564 | GPU-Z.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D | unknown | whitelisted
2180 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
2180 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
4844 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2940 | svchost.exe | GET | 200 | 23.209.209.135:80 | http://x1.c.lencr.org/ | unknown | whitelisted
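The only HTTP traffic attributed to the sample's own process (GPU-Z.exe, PID 3564) is three OCSP GETs to the Comodo, UserTrust and Sectigo responders; everything else in the table is Windows background activity (Microsoft CRL fetches, a DigiCert OCSP query repeated from two svchost instances, the Let's Encrypt issuer URL). The version-check itself is not in the table, only the DNS lookup for www.gpu-z.com and the version_v2[1].json cached by PID 3564. An OCSP GET carries the whole request in the URL: the path is the URL-escaped base64 of a DER-encoded OCSPRequest, so the certificate being checked (issuer hashes and serial) can be recovered from the report alone, without the PCAP. The Python below is an added example, not part of the ANY.RUN report: a small DER walker that decodes the OCSP URLs on this page into their CertID fields and a classifier that sorts the rows into OCSP, CRL and other. The rows are transcribed from the table above; the helper names are this example's own.

```python
"""Added example (not part of the ANY.RUN report): decode the OCSP GET URLs in the
HTTP table and sort the rows into OCSP / CRL / other. Helper names are this
example's own; the rows are transcribed from the table above."""
import base64
import urllib.parse
from dataclasses import dataclass

OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


@dataclass(frozen=True)
class HttpRow:
    pid: int
    process: str
    url: str


@dataclass(frozen=True)
class CertId:                 # RFC 6960 CertID, fields hex-encoded
    hash_alg: str
    issuer_name_hash: str
    issuer_key_hash: str
    serial: str


REQUESTS = [  # method GET and HTTP 200 for every row
    HttpRow(1268, "svchost.exe", "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl"),
    HttpRow(1268, "svchost.exe", "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl"),
    HttpRow(2148, "svchost.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    HttpRow(3564, "GPU-Z.exe", "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D"),
    HttpRow(3564, "GPU-Z.exe", "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D"),
    HttpRow(3564, "GPU-Z.exe", "http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEHN9Y6q%2B3V1xSVihftvH1Bk%3D"),
    HttpRow(2180, "SIHClient.exe", "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl"),
    HttpRow(2180, "SIHClient.exe", "http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl"),
    HttpRow(4844, "svchost.exe", "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D"),
    HttpRow(2940, "svchost.exe", "http://x1.c.lencr.org/"),
]


def der_read(buf: bytes, pos: int):
    """One DER TLV at pos -> (tag, value, next_pos); short and long length forms."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value: bytes):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_read(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw: bytes) -> str:
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_ocsp_get(url: str):
    """OCSP over GET (RFC 6960, Appendix A.1): path = URL-escaped base64 of the DER OCSPRequest.
    OCSPRequest > TBSRequest > requestList > Request > CertID {alg, nameHash, keyHash, serial}."""
    b64 = urllib.parse.unquote(urllib.parse.urlsplit(url).path.lstrip("/"))
    tag, ocsp_request, _ = der_read(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("OCSPRequest must be a SEQUENCE")
    tbs = der_children(ocsp_request)[0][1]
    request_list = next(v for t, v in der_children(tbs) if t == 0x30)   # skips [0] version / [1] requestorName
    ids = []
    for _, request in der_children(request_list):
        alg, name_hash, key_hash, serial = der_children(der_children(request)[0][1])[:4]
        oid = decode_oid(der_children(alg[1])[0][1])
        ids.append(CertId(OID_NAMES.get(oid, oid), name_hash[1].hex(), key_hash[1].hex(), serial[1].hex()))
    return ids


def classify(url: str) -> str:
    parts = urllib.parse.urlsplit(url)
    if parts.hostname and parts.hostname.startswith("ocsp."):
        return "ocsp"
    if parts.path.lower().endswith(".crl"):
        return "crl"
    return "other"


def requests_by_pid(rows, pid: int):
    return [r for r in rows if r.pid == pid]


if __name__ == "__main__":
    for r in REQUESTS:
        kind = classify(r.url)
        detail = parse_ocsp_get(r.url)[0] if kind == "ocsp" else ""
        print(f"{r.pid:<5} {r.process:14} {kind:5} {urllib.parse.urlsplit(r.url).hostname} {detail}")
```

Three responders in the Comodo/UserTrust/Sectigo family, queried back to back by GPU-Z.exe, is the pattern of a process validating one certificate chain issued under that hierarchy; the report does not name the signer, so treat that as a lead to confirm against the file's Authenticode signature, not as a conclusion. The matching .der files in CryptnetUrlCache (dropped by PID 3564) are the cached issuer certificates and responses from the same check.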

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4512 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
1268 | svchost.exe | 23.216.77.28:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2148 | svchost.exe | 40.126.31.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2148 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
login.live.com
  • 40.126.31.2
  • 20.190.159.73
  • 20.190.159.68
  • 20.190.159.4
  • 40.126.31.71
  • 20.190.159.2
  • 20.190.159.71
  • 20.190.159.23
  • 20.190.160.131
  • 20.190.160.128
  • 40.126.32.76
  • 20.190.160.20
  • 20.190.160.67
  • 20.190.160.5
  • 20.190.160.64
  • 40.126.32.136
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
www.gpu-z.com
  • 216.158.237.92
unknown
client.wns.windows.com
  • 172.211.123.250
whitelisted
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

No threats detected
Debug output (Process: Message)
GPU-Z 2.66.0.exe: in CXCrashHandler
GPU-Z.exe: in CXCrashHandler
GPU-Z 2.66.0.exe: in ~CXCrashHandler
GPU-Z.exe: in ~CXCrashHandler
GPU-Z.exe: in CXCrashHandler
GPU-Z.exe: in ~CXCrashHandler