File name: Intel-Driver-and-Support-Assistant-Installer1.exe

Full analysis: https://app.any.run/tasks/4d492734-7e3e-4acc-84f7-a67bc201328b
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 21, 2025, 00:26:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto-reg, loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: A3F9A844858AE41C3F9C139671437C98
SHA1: 0D874E9AC40A7CBCAAA5308D885E178B659504AC
SHA256: C8257BD8A8A7E63D927492858E29A50DECF0938AD724E584CC840A40025591AA
SSDEEP: 98304:TiwhXSWAgQEf6cGBm4rmLbFsopn7PYONoyjSUL9A7uxuJnKdACUSQ37YWxsC6tqC:P0aDaToUCR0S

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 8152)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7576)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7828)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 300)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 3956)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 2084)
    • Process drops legitimate windows executable

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7576)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • msiexec.exe (PID: 6724)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7828)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 3956)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
    • Searches for installed software

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • dllhost.exe (PID: 7812)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5112)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7676)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7624)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 8152)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 1184)
    • Reads security settings of Internet Explorer

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • BootstrapperUI_V2.exe (PID: 6516)
      • BootstrapperUI_V2.exe (PID: 3968)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7860)
    • Creates a software uninstall entry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 8152)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
    • Application launched itself

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5112)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7676)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7944)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7624)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7592)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 1184)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7484)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
    • Starts itself from another location

      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6724)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6724)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6724)
  • INFO

    • Checks supported languages

      • netcoresearch.exe (PID: 7596)
      • netcoresearch.exe (PID: 7532)
      • netcoresearch.exe (PID: 7472)
      • wixprqba.exe (PID: 7432)
      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5112)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • wixprqba.exe (PID: 6944)
      • netcoresearch.exe (PID: 2320)
      • netcoresearch.exe (PID: 7312)
      • netcoresearch.exe (PID: 7292)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7576)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • msiexec.exe (PID: 6724)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7676)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7944)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • msiexec.exe (PID: 6676)
      • msiexec.exe (PID: 3008)
      • msiexec.exe (PID: 2908)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7828)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • msiexec.exe (PID: 684)
      • BootstrapperUI_V2.exe (PID: 6516)
      • msiexec.exe (PID: 6372)
      • netcoresearch.exe (PID: 5304)
      • netcoresearch.exe (PID: 7672)
      • msiexec.exe (PID: 2084)
      • BootstrapperUI_V2.exe (PID: 3968)
      • netcoresearch.exe (PID: 3176)
      • netcoresearch.exe (PID: 4224)
      • netcoresearch.exe (PID: 5008)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 300)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • netcoresearch.exe (PID: 5984)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7624)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7592)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 8152)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 3956)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 1184)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7484)
      • msiexec.exe (PID: 6268)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 2084)
    • The sample compiled with english language support

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7576)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • msiexec.exe (PID: 6724)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7828)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 3956)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 2084)
    • Reads the computer name

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • wixprqba.exe (PID: 7432)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • wixprqba.exe (PID: 6944)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7576)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • msiexec.exe (PID: 6724)
      • msiexec.exe (PID: 6676)
      • msiexec.exe (PID: 3008)
      • msiexec.exe (PID: 2908)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7828)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • msiexec.exe (PID: 684)
      • BootstrapperUI_V2.exe (PID: 6516)
      • msiexec.exe (PID: 6372)
      • msiexec.exe (PID: 2084)
      • BootstrapperUI_V2.exe (PID: 3968)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 300)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 8152)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 3956)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • msiexec.exe (PID: 6268)
    • Create files in a temporary directory

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5112)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 2084)
    • Process checks computer location settings

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7564)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 1388)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7816)
      • aspnetcore-runtime-8.0.14-win-x86.exe (PID: 4884)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7576)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 7344)
    • Creates files in the program directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • BootstrapperUI_V2.exe (PID: 6516)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
    • Auto-launch of the file from Registry key

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 8152)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
    • Checks proxy server information

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • BootstrapperUI_V2.exe (PID: 6516)
      • BootstrapperUI_V2.exe (PID: 3968)
      • slui.exe (PID: 5968)
    • Reads the machine GUID from the registry

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7756)
      • msiexec.exe (PID: 6724)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7652)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7948)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 7268)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 8008)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 6700)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 5776)
    • Reads the software policy settings

      • Intel-Driver-and-Support-Assistant-Installer1.exe (PID: 7396)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5116)
      • msiexec.exe (PID: 6724)
      • slui.exe (PID: 5968)
    • Manual execution by a user

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5112)
      • windowsdesktop-runtime-8.0.14-win-x86.exe (PID: 7676)
      • AspNetCoreSharedFrameworkBundle-x86.exe (PID: 7624)
      • dotnet-runtime-8.0.14-win-x64.exe (PID: 1184)
    • Manages system restore points

      • SrTasks.exe (PID: 2152)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 6724)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6724)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6724)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:05 19:45:02+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 483328
InitializedDataSize: 317440
UninitializedDataSize: -
EntryPoint: 0x517f0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 25.2.15.9
ProductVersionNumber: 25.2.15.9
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Intel
FileDescription: Intel® Driver & Support Assistant
FileVersion: 25.2.15.9
InternalName: burn
OriginalFileName: Intel-Driver-and-Support-Assistant-Installer.exe
ProductName: Intel® Driver & Support Assistant
ProductVersion: 25.2.15.9
LegalCopyright: Copyright © Intel Corporation. All rights reserved.
No data.
Total processes: 209
Monitored processes: 73
Malicious processes: 22
Suspicious processes: 2

Behavior graph

(Process-tree graphic not reproduced; the tree starts at intel-driver-and-support-assistant-installer1.exe.)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 300
CMD: "C:\ProgramData\Package Cache\485aab647c30901f06569b609f5d6f21443fb07fd3ccb76d1be18f738d72ebe8\aspnetcore-runtime-8.0.14-win-x86.exe" /q /norestart /ChainingPackage "Intel® Driver & Support Assistant"
Path: C:\ProgramData\Package Cache\485aab647c30901f06569b609f5d6f21443fb07fd3ccb76d1be18f738d72ebe8\aspnetcore-runtime-8.0.14-win-x86.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft ASP.NET Core 8.0.14 - Shared Framework (x86)
Exit code: 0
Version: 8.0.14.25112
Modules
Images
c:\programdata\package cache\485aab647c30901f06569b609f5d6f21443fb07fd3ccb76d1be18f738d72ebe8\aspnetcore-runtime-8.0.14-win-x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 684
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 6A476EA4DA522773BF5C66F80E906EBC
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1184
CMD: "C:\ProgramData\Package Cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe" /burn.runonce
Path: C:\ProgramData\Package Cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft .NET Runtime - 8.0.14 (x64)
Exit code: 0
Version: 8.0.14.34611
Modules
Images
c:\programdata\package cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 1272
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netcoresearch.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1388
CMD: "C:\ProgramData\Package Cache\{f70d61fa-5d61-4582-bf8d-07dec8e4fcda}\windowsdesktop-runtime-8.0.14-win-x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{f70d61fa-5d61-4582-bf8d-07dec8e4fcda}\windowsdesktop-runtime-8.0.14-win-x86.exe" -burn.filehandle.attached=544 -burn.filehandle.self=572 /quiet /norestart /burn.log.append "C:\Users\admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.14_(x86)_20250421002733.log" /ChainingPackage "Intel® Driver & Support Assistant"
Path: C:\ProgramData\Package Cache\{f70d61fa-5d61-4582-bf8d-07dec8e4fcda}\windowsdesktop-runtime-8.0.14-win-x86.exe
Parent process: windowsdesktop-runtime-8.0.14-win-x86.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Desktop Runtime - 8.0.14 (x86)
Exit code: 0
Version: 8.0.14.34613
Modules
Images
c:\programdata\package cache\{f70d61fa-5d61-4582-bf8d-07dec8e4fcda}\windowsdesktop-runtime-8.0.14-win-x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 2084
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding EF700271C5BF63EAB81362BADB860BC9
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2084
CMD: "C:\ProgramData\Package Cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=560 /quiet /norestart /burn.log.append "C:\Users\admin\AppData\Local\Temp\Microsoft_.NET_Runtime_-_8.0.14_(x64)_20250421002903.log" /ChainingPackage "Intel® Driver & Support Assistant"
Path: C:\ProgramData\Package Cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe
Parent process: dotnet-runtime-8.0.14-win-x64.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft .NET Runtime - 8.0.14 (x64)
Version: 8.0.14.34611
Modules
Images
c:\programdata\package cache\{a6918640-3436-4607-9108-9b6038e680d6}\dotnet-runtime-8.0.14-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 2152
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Windows System Protection background tasks.
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2320
CMD: "C:\Users\admin\AppData\Local\Temp\{D095C0BB-C28F-40A3-B478-5EA9F4212476}\.ba\Wix4NetfxBootstrapperExtension_X86\x86\netcoresearch.exe" runtime 8 Microsoft.AspNetCore.App
Path: C:\Users\admin\AppData\Local\Temp\{D095C0BB-C28F-40A3-B478-5EA9F4212476}\.ba\Wix4NetfxBootstrapperExtension_X86\x86\netcoresearch.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User: admin
Company: WiX Toolset
Integrity Level: MEDIUM
Description: netcoresearch
Exit code: 0
Version: 5.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\{d095c0bb-c28f-40a3-b478-5ea9f4212476}\.ba\wix4netfxbootstrapperextension_x86\x86\netcoresearch.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\users\admin\appdata\local\temp\{d095c0bb-c28f-40a3-b478-5ea9f4212476}\.ba\wix4netfxbootstrapperextension_x86\x86\hostfxr.dll
PID: 2392
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 34 884
Read events: 32 987
Write events: 1 757
Delete events: 140

Modification events

(PID) Process: (7812) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
4800000000000000EA633F1154B2DB01841E0000981E0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7756) Intel-Driver-and-Support-Assistant-Installer.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
4000000000000000EA633F1154B2DB014C1E0000501E0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7812) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
4800000000000000BD50891154B2DB01841E0000981E0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7812) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
48000000000000008F198E1154B2DB01841E0000981E0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7812) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
48000000000000006EED861154B2DB01841E0000981E0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7812) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
48000000000000006EED861154B2DB01841E0000981E0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7812) dllhost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation: write
Name: LastIndex
Value:
11
(PID) Process: (7860) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
48000000000000002ED50E1254B2DB01B41E0000D01E0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7860) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
48000000000000002ED50E1254B2DB01B41E00002C1F0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process: (7860) VSSVC.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
48000000000000002ED50E1254B2DB01B41E0000341F0000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 812
Suspicious files: 146
Text files: 158
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\BootstrapperUI_V2.pdb | binary
MD5:19505A97D904B55067919D69C59114B7
SHA256:47AF9EB9D2FADA509728D196EA4B185AFCA2A0235DA41FA68444E730F3F6DE59
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\CommunityToolkit.Mvvm.dll | executable
MD5:277B42047F081D70DE67AD09A31D8B35
SHA256:540F0F3FD0CBF1DAC653F3A4EE432EBD9365F812B74BD9986FDEAFF973F6D5CB
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\BootstrapperUI_V2.runtimeconfig.json | binary
MD5:94BCC836ACB02EBF70B1D9AC60C3DA3E
SHA256:545CF61B0E7C5672E3DA3DB0945C85B28C2DC3D453C649B793C6271B26CAB521
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\mbanative.dll | executable
MD5:0D1702D52E86DD07C489E30B9ADBF153
SHA256:443506029D771D1598BDABF0B4F9E4D363C562AFD8FDDFE68462A0FFFE6A8138
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\System.CodeDom.dll | executable
MD5:027E139F08873948F55A896A178DD426
SHA256:98ED5E5DFFBFC8D540AFA10AEF8A57AB24165FAD13387E9288F2E26F51094081
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\fr\BootstrapperUI_V2.resources.dll | executable
MD5:096F2BA54EC195AB5AA59309CF6359C9
SHA256:CCCE58987FE8E295B364915752A251BEC86CB24C1D877C13812A38419F4E27F9
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\BootstrapperUI_V2.exe | executable
MD5:2577A461587CA759C49683FEC1097749
SHA256:4C961009AE13A5C9A2BC5C010201EA8A3CC10D4DB07530592F356751E561FAE0
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\de\BootstrapperUI_V2.resources.dll | executable
MD5:CA132A84DFEA164CEBD4130DBB38E725
SHA256:FBE8295B9C51AC14D666A6AF44AA1DF12F06CDD533A82A6BBE57897AC9889155
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\id\BootstrapperUI_V2.resources.dll | executable
MD5:BF97F5898683F8A453AFAA651F174399
SHA256:8CB050805E48EFE966867BB93DBCBE4B6890FA2A438A865B6657ADF0471D9F04
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | C:\Users\admin\AppData\Local\Temp\{7B6F66D2-E714-48B2-BA2F-5ED77EA0966B}\.ba\zh-TW\BootstrapperUI_V2.resources.dll | executable
MD5:591596E03746E5C09773FCE0EF7B9AC6
SHA256:64B9A29FD1545C6A1DB2FCA78E7E6A4E99FBACA011E72A7517C9CFF2E7994A37
HTTP(S) requests: 16
TCP/UDP connections: 28
DNS requests: 9
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | HEAD | 200 | 199.232.210.172:443 | https://download.visualstudio.microsoft.com/download/pr/882d76b3-fd56-4808-a933-a3e3e30d0ccc/9b7d6a303a276deb808466a0fc8d52e6/windowsdesktop-runtime-8.0.14-win-x86.exe | unknown | - | - | -
- | - | HEAD | 200 | 199.232.210.172:443 | https://download.visualstudio.microsoft.com/download/pr/882d76b3-fd56-4808-a933-a3e3e30d0ccc/9b7d6a303a276deb808466a0fc8d52e6/windowsdesktop-runtime-8.0.14-win-x86.exe | unknown | - | - | -
6724 | msiexec.exe | GET | 200 | 2.16.241.19:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6724 | msiexec.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | unknown | - | - | whitelisted
- | - | HEAD | 200 | 199.232.210.172:443 | https://download.visualstudio.microsoft.com/download/pr/62a830a9-9853-4afb-b23e-d0e35039ce86/6f7455b2509928536299f6b75c00633b/aspnetcore-runtime-8.0.14-win-x86.exe | unknown | - | - | -
- | - | HEAD | 200 | 199.232.210.172:443 | https://download.visualstudio.microsoft.com/download/pr/d90eedfa-ee55-4748-b672-9f01fdc5cba7/6fe60c798e09d343e9ed7621d094eba3/dotnet-runtime-8.0.14-win-x64.exe | unknown | - | - | -
- | - | HEAD | 302 | 23.35.229.160:443 | https://go.microsoft.com/fwlink/?LinkId=863262 | unknown | - | - | -
- | - | HEAD | 200 | 199.232.210.172:443 | https://download.visualstudio.microsoft.com/download/pr/1f5af042-d0e4-4002-9c59-9ba66bcf15f6/124d2afe5c8f67dfa910da5f9e3db9c1/ndp472-kb4054531-web.exe | unknown | - | - | -
- | - | GET | 302 | 23.35.229.160:443 | https://go.microsoft.com/fwlink/?LinkId=863262 | unknown | - | - | -
- | - | GET | 200 | 199.232.214.172:443 | https://download.visualstudio.microsoft.com/download/pr/882d76b3-fd56-4808-a933-a3e3e30d0ccc/9b7d6a303a276deb808466a0fc8d52e6/windowsdesktop-runtime-8.0.14-win-x86.exe | unknown | executable | 51.2 Mb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | 199.232.214.172:443 | download.visualstudio.microsoft.com | FASTLY | US | whitelisted
5116 | Intel-Driver-and-Support-Assistant-Installer.exe | 199.232.210.172:443 | download.visualstudio.microsoft.com | FASTLY | US | whitelisted
6724 | msiexec.exe | 2.16.241.19:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6724 | msiexec.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
780 | slui.exe | 20.83.72.98:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7396 | Intel-Driver-and-Support-Assistant-Installer1.exe | 69.192.162.125:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
google.com | 216.58.206.46 | whitelisted
download.visualstudio.microsoft.com | 199.232.214.172, 199.232.210.172 | whitelisted
crl.microsoft.com | 2.16.241.19, 2.16.241.12 | whitelisted
www.microsoft.com | 2.23.246.101 | whitelisted
activation-v2.sls.microsoft.com | 20.83.72.98 | whitelisted
go.microsoft.com | 69.192.162.125 | whitelisted
dsadata.intel.com | 23.48.23.30, 23.48.23.7 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
- | - | Misc activity | ET INFO EXE - Served Attached HTTP
- | - | Misc activity | ET INFO EXE - Served Attached HTTP
- | - | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
No debug info