File name: Intel-Driver-and-Support-Assistant-Installer.exe

Full analysis: https://app.any.run/tasks/9735ee0a-4acd-4de9-ae94-4351a36e4965
Verdict: Malicious activity
Analysis date: March 01, 2025, 16:44:47
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
python
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5: E0F321774478AB9E04D5FA9FC5A3F129
SHA1: 3C8E43E60FB36A847970D2498DC39417AD655A64
SHA256: EB0F64839742EDF69A72EA0C9C8106CD66EFF7DFE9BF2F8EDB6F789DE90DB9FE
SSDEEP: 98304:wiwhXS8ps612uYKmRDy+bdM/YUbkPr2vDSLoyb8bXOulT1SjBu7Ue7XuBIN0qkUN:keWVvFrZL95

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 4628)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • cmd.exe (PID: 7228)
    • Process drops legitimate windows executable

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • msiexec.exe (PID: 6112)
    • Reads security settings of Internet Explorer

      • BootstrapperUI_V2.exe (PID: 616)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • SurSvc.exe (PID: 7844)
      • DSATray.exe (PID: 7996)
      • SurSvc.exe (PID: 6540)
      • DSAServiceHelper.exe (PID: 4452)
      • esrv.exe (PID: 2084)
      • SurSvc.exe (PID: 9644)
      • ShellExperienceHost.exe (PID: 10072)
    • Executes as Windows Service

      • VSSVC.exe (PID: 7576)
      • DSAService.exe (PID: 8132)
      • DSAUpdateService.exe (PID: 8100)
      • SurSvc.exe (PID: 6540)
      • esrv_svc.exe (PID: 8080)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
      • esrv_svc.exe (PID: 9296)
      • WmiApSrv.exe (PID: 9404)
    • Creates a software uninstall entry

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
    • Searches for installed software

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • dllhost.exe (PID: 7472)
      • SurSvc.exe (PID: 7844)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
    • Checks Windows Trust Settings

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • msiexec.exe (PID: 6112)
      • SurSvc.exe (PID: 7844)
      • task.exe (PID: 7284)
      • esrv_svc.exe (PID: 8080)
      • esrv.exe (PID: 2084)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
      • esrv.exe (PID: 7796)
    • Mutex name with non-standard characters

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • msiexec.exe (PID: 6112)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6112)
    • Starts CMD.EXE for commands execution

      • msiexec.exe (PID: 6324)
      • SurSvc.exe (PID: 7844)
      • cmd.exe (PID: 4628)
      • SurSvc.exe (PID: 6540)
      • wscript.exe (PID: 8076)
      • msiexec.exe (PID: 7500)
      • SurSvc.exe (PID: 9644)
      • cmd.exe (PID: 4300)
    • Process drops python dynamic module

      • msiexec.exe (PID: 6112)
    • Process drops SQLite DLL files

      • msiexec.exe (PID: 6112)
    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 6112)
      • cmd.exe (PID: 7228)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6112)
    • Uses ICACLS.EXE to modify access control lists

      • msiexec.exe (PID: 6324)
    • Executing commands from a ".bat" file

      • SurSvc.exe (PID: 7844)
      • SurSvc.exe (PID: 6540)
      • wscript.exe (PID: 8076)
      • SurSvc.exe (PID: 9644)
    • Reads the date of Windows installation

      • SurSvc.exe (PID: 7844)
      • SurSvc.exe (PID: 6540)
      • DSAServiceHelper.exe (PID: 4452)
      • SurSvc.exe (PID: 9644)
    • Creates files in the driver directory

      • DSAService.exe (PID: 8132)
      • cmd.exe (PID: 7228)
    • Application launched itself

      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 4300)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 9624)
      • cmd.exe (PID: 4300)
    • Starts application with an unusual extension

      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 7228)
      • cmd.exe (PID: 4300)
    • Creates or modifies Windows services

      • esrv_svc.exe (PID: 7852)
      • reg.exe (PID: 7204)
      • SurSvc.exe (PID: 7844)
      • esrv_svc.exe (PID: 7784)
      • reg.exe (PID: 7500)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 7228)
    • Windows service management via SC.EXE

      • sc.exe (PID: 7824)
      • sc.exe (PID: 5504)
      • sc.exe (PID: 5740)
      • sc.exe (PID: 6344)
      • sc.exe (PID: 7440)
      • sc.exe (PID: 8040)
      • sc.exe (PID: 8400)
      • sc.exe (PID: 1272)
      • sc.exe (PID: 2516)
      • sc.exe (PID: 6488)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 7228)
      • esrv.exe (PID: 2084)
      • cmd.exe (PID: 4300)
    • Loads Python modules

      • IntelSoftwareAssetManagerService.exe (PID: 924)
    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 8076)
    • The process checks if it is being run in the virtual environment

      • esrv_svc.exe (PID: 8080)
      • esrv.exe (PID: 2084)
      • msiexec.exe (PID: 6112)
      • esrv.exe (PID: 7796)
    • Reads the BIOS version

      • esrv_svc.exe (PID: 8080)
      • esrv.exe (PID: 2084)
      • esrv.exe (PID: 7796)
    • The process executes via Task Scheduler

      • wscript.exe (PID: 8076)
    • Runs WScript without displaying logo

      • wscript.exe (PID: 8076)
    • Detected use of alternative data streams (AltDS)

      • esrv_svc.exe (PID: 8080)
    • Stops a currently running service

      • sc.exe (PID: 5048)
    • Hides command output

      • cmd.exe (PID: 6036)
      • cmd.exe (PID: 7956)
      • cmd.exe (PID: 7488)
      • cmd.exe (PID: 6032)
      • cmd.exe (PID: 4408)
      • cmd.exe (PID: 8384)
      • cmd.exe (PID: 8800)
      • cmd.exe (PID: 9624)
      • cmd.exe (PID: 8536)
      • cmd.exe (PID: 7752)
      • cmd.exe (PID: 7460)
      • cmd.exe (PID: 1328)
      • cmd.exe (PID: 7440)
      • cmd.exe (PID: 9800)
      • cmd.exe (PID: 7520)
      • cmd.exe (PID: 9808)
      • cmd.exe (PID: 9652)
      • cmd.exe (PID: 9240)
      • cmd.exe (PID: 9280)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 9892)
  • INFO

    • Checks supported languages

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • BootstrapperUI_V2.exe (PID: 616)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • msiexec.exe (PID: 6112)
      • DSAService.exe (PID: 8132)
      • DSAUpdateService.exe (PID: 8100)
      • msiexec.exe (PID: 7292)
      • msiexec.exe (PID: 4436)
      • msiexec.exe (PID: 6324)
      • SurSvc.exe (PID: 7316)
      • msiexec.exe (PID: 7276)
      • SurSvc.exe (PID: 7844)
      • chcp.com (PID: 5548)
      • esrv_svc.exe (PID: 7852)
      • SurSvc.exe (PID: 6540)
      • esrv_svc.exe (PID: 7784)
      • DSAArcDetect64.exe (PID: 6344)
      • DSATray.exe (PID: 7996)
      • chcp.com (PID: 6960)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
      • esrv_svc.exe (PID: 8080)
      • task.exe (PID: 7284)
      • esrv.exe (PID: 2084)
      • DSATray.exe (PID: 8276)
      • DSAServiceHelper.exe (PID: 4452)
      • esrv_svc.exe (PID: 9296)
      • ShellExperienceHost.exe (PID: 10072)
      • msiexec.exe (PID: 7500)
      • msiexec.exe (PID: 2564)
      • SurSvc.exe (PID: 9644)
      • identity_helper.exe (PID: 9828)
      • chcp.com (PID: 5964)
      • esrv.exe (PID: 7796)
      • esrv_svc.exe (PID: 7052)
      • esrv_svc.exe (PID: 7584)
      • identity_helper.exe (PID: 7436)
    • The sample compiled with english language support

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • msiexec.exe (PID: 6112)
      • cmd.exe (PID: 7228)
    • Create files in a temporary directory

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
    • Reads the computer name

      • BootstrapperUI_V2.exe (PID: 616)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • msiexec.exe (PID: 6112)
      • DSAService.exe (PID: 8132)
      • DSAUpdateService.exe (PID: 8100)
      • msiexec.exe (PID: 7292)
      • msiexec.exe (PID: 4436)
      • msiexec.exe (PID: 6324)
      • msiexec.exe (PID: 7276)
      • SurSvc.exe (PID: 7316)
      • SurSvc.exe (PID: 7844)
      • esrv_svc.exe (PID: 7852)
      • esrv_svc.exe (PID: 7784)
      • DSAArcDetect64.exe (PID: 6344)
      • DSATray.exe (PID: 7996)
      • SurSvc.exe (PID: 6540)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
      • esrv_svc.exe (PID: 8080)
      • task.exe (PID: 7284)
      • esrv.exe (PID: 2084)
      • DSATray.exe (PID: 8276)
      • DSAServiceHelper.exe (PID: 4452)
      • ShellExperienceHost.exe (PID: 10072)
      • esrv_svc.exe (PID: 9296)
      • identity_helper.exe (PID: 9828)
      • msiexec.exe (PID: 7500)
      • msiexec.exe (PID: 2564)
      • SurSvc.exe (PID: 9644)
      • esrv.exe (PID: 7796)
      • esrv_svc.exe (PID: 7584)
      • esrv_svc.exe (PID: 7052)
      • identity_helper.exe (PID: 7436)
    • Disables trace logs

      • BootstrapperUI_V2.exe (PID: 616)
      • DSAService.exe (PID: 8132)
      • SurSvc.exe (PID: 6540)
    • Checks proxy server information

      • BootstrapperUI_V2.exe (PID: 616)
      • BackgroundTransferHost.exe (PID: 7720)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • esrv.exe (PID: 2084)
    • Reads the machine GUID from the registry

      • BootstrapperUI_V2.exe (PID: 616)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • msiexec.exe (PID: 6112)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • SurSvc.exe (PID: 7844)
      • DSATray.exe (PID: 7996)
      • DSAArcDetect64.exe (PID: 6344)
      • SurSvc.exe (PID: 6540)
      • DSAService.exe (PID: 8132)
      • esrv_svc.exe (PID: 8080)
      • task.exe (PID: 7284)
      • DSAServiceHelper.exe (PID: 4452)
      • DSATray.exe (PID: 8276)
      • esrv.exe (PID: 2084)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
      • SurSvc.exe (PID: 9644)
      • esrv.exe (PID: 7796)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 7504)
      • BackgroundTransferHost.exe (PID: 7720)
      • BackgroundTransferHost.exe (PID: 7888)
      • BackgroundTransferHost.exe (PID: 8112)
      • BackgroundTransferHost.exe (PID: 7364)
    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 7720)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • msiexec.exe (PID: 6112)
      • DSAService.exe (PID: 8132)
      • SurSvc.exe (PID: 7844)
      • SurSvc.exe (PID: 6540)
      • BootstrapperUI_V2.exe (PID: 616)
      • esrv_svc.exe (PID: 8080)
      • task.exe (PID: 7284)
      • esrv.exe (PID: 2084)
      • slui.exe (PID: 2088)
      • IntelSoftwareAssetManagerService.exe (PID: 924)
      • esrv.exe (PID: 7796)
    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 7720)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • msiexec.exe (PID: 6112)
      • esrv.exe (PID: 2084)
    • Creates files in the program directory

      • BootstrapperUI_V2.exe (PID: 616)
      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 5668)
      • DSAService.exe (PID: 8132)
      • SurSvc.exe (PID: 7844)
      • DSATray.exe (PID: 7996)
      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 7228)
      • DSAServiceHelper.exe (PID: 4452)
      • cmd.exe (PID: 4300)
      • esrv.exe (PID: 7796)
    • Process checks computer location settings

      • Intel-Driver-and-Support-Assistant-Installer.exe (PID: 3332)
      • DSAServiceHelper.exe (PID: 4452)
      • BootstrapperUI_V2.exe (PID: 616)
    • Manages system restore points

      • SrTasks.exe (PID: 8012)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6112)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 6112)
    • Application launched itself

      • msiexec.exe (PID: 6112)
      • msedge.exe (PID: 8580)
      • msedge.exe (PID: 6040)
    • SQLite executable

      • msiexec.exe (PID: 6112)
    • Reads CPU info

      • SurSvc.exe (PID: 7316)
      • SurSvc.exe (PID: 7844)
      • SurSvc.exe (PID: 6540)
      • esrv_svc.exe (PID: 8080)
      • SurSvc.exe (PID: 9644)
    • Changes the display of characters in the console

      • cmd.exe (PID: 4628)
      • cmd.exe (PID: 7228)
      • cmd.exe (PID: 4300)
    • Reads product name

      • DSAService.exe (PID: 8132)
    • Reads Environment values

      • DSAService.exe (PID: 8132)
    • Reads the time zone

      • esrv_svc.exe (PID: 8080)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:05 19:45:02+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.38
CodeSize: 483328
InitializedDataSize: 317440
UninitializedDataSize: -
EntryPoint: 0x517f0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 25.1.9.6
ProductVersionNumber: 25.1.9.6
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: Intel
FileDescription: Intel® Driver & Support Assistant
FileVersion: 25.1.9.6
InternalName: burn
OriginalFileName: Intel-Driver-and-Support-Assistant-Installer.exe
ProductName: Intel® Driver & Support Assistant
ProductVersion: 25.1.9.6
LegalCopyright: Copyright © Intel Corporation. All rights reserved.
No data.
All screenshots are available in the full report
Total processes
393
Monitored processes
249
Malicious processes
21
Suspicious processes
3

Behavior graph

start intel-driver-and-support-assistant-installer.exe bootstrapperui_v2.exe sppextcomobj.exe no specs slui.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs intel-driver-and-support-assistant-installer.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe dsaservice.exe dsaupdateservice.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs icacls.exe no specs conhost.exe no specs msiexec.exe no specs cmd.exe no specs conhost.exe no specs sursvc.exe no specs sursvc.exe cmd.exe no specs conhost.exe no specs chcp.com no specs choice.exe no specs choice.exe no specs reg.exe no specs find.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs esrv_svc.exe no specs esrv_svc.exe no specs reg.exe no specs schtasks.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs timeout.exe no specs dsaarcdetect64.exe no specs conhost.exe no specs timeout.exe no specs timeout.exe no 
specs dsatray.exe no specs sursvc.exe cmd.exe conhost.exe no specs chcp.com no specs choice.exe no specs choice.exe no specs timeout.exe no specs timeout.exe no specs intelsoftwareassetmanagerservice.exe sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs esrv_svc.exe schtasks.exe no specs wscript.exe no specs cmd.exe no specs conhost.exe no specs task.exe no specs esrv.exe dsaservicehelper.exe no specs dsatray.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs sc.exe no specs esrv_svc.exe no specs wmiapsrv.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs shellexperiencehost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs slui.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs cmd.exe no specs conhost.exe no specs sursvc.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs choice.exe no specs sc.exe no specs cmd.exe no specs reg.exe no specs find.exe no specs esrv.exe no specs esrv_svc.exe no specs esrv_svc.exe no specs reg.exe no specs schtasks.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs 
cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs cmd.exe no specs find.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID: 208
CMD: C:\WINDOWS\System32\cmd.exe /S /D /c" set /p ="il='C:\\Program Files\\Intel\\SUR\\QUEENCREEK\\x64\\intel_csme_input.dll','start_at=8' ""
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 208
CMD: C:\WINDOWS\System32\cmd.exe /S /D /c" echo("
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 616
CMD: "C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\BootstrapperUI_V2.exe" -burn.ba.apiver 569705357157400576 -burn.ba.pipe BurnPipe.{E0DB4E88-966A-45F3-A271-4D1A87B05DF1} {7705A2D8-69A9-425D-8029-0AE2E336253D}
Path: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\BootstrapperUI_V2.exe
Parent process: Intel-Driver-and-Support-Assistant-Installer.exe
User:
admin
Company:
Intel
Integrity Level:
MEDIUM
Description:
BootstrapperUI
Exit code:
0
Version:
25.1.9.6
Modules
Images
c:\users\admin\appdata\local\temp\{5aead08f-660b-4e3e-a7b8-64436f6b60cd}\.ba\bootstrapperui_v2.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 680
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2360,i,2011492648071837953,11537997161860033479,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 900
CMD: C:\WINDOWS\System32\cmd.exe /S /D /c" DIR "C:\WINDOWS\System32\drivers\semav6msr64.sys" "
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 924
CMD: "C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe"
Path: C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
Parent process: services.exe
User:
SYSTEM
Company:
Intel Corporation
Integrity Level:
SYSTEM
Description:
IntelSoftwareAssetManagerService.exe
Version:
3.5.5085
Modules
Images
c:\program files\intel\sur\queencreek\updater\bin\intelsoftwareassetmanagerservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 928
CMD: C:\WINDOWS\System32\cmd.exe /S /D /c" echo("
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 960
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1116
CMD: find "0x1"
Path: C:\Windows\System32\find.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Find String (grep) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 1116
CMD: C:\WINDOWS\System32\cmd.exe /S /D /c" echo("
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
Total events
73 210
Read events
72 026
Write events
1 049
Delete events
135

Modification events

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (616) BootstrapperUI_V2.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0
Executable files
317
Suspicious files
493
Text files
136
Unknown types
0

Dropped files

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\BootstrapperUI_V2.exe
Type: executable
MD5: AE292B0516F181B1C64AE36540EA6A9B
SHA256: D4A8C5CB0CEE17C8C46C657C4BC65F825F7142D526F5DB85FFB4C679598559D0

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\pt-BR\BootstrapperUI_V2.resources.dll
Type: executable
MD5: 27923C93450AFA8CD342D96B7C98AF51
SHA256: F8A250D1478ECCDD3BF832D69E17EABAF0A5727EF89A7B89CAC49D7747F4DCD6

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\ja\BootstrapperUI_V2.resources.dll
Type: executable
MD5: 18759FB666DFCB39AFEB2AED2C5D4703
SHA256: 59A262DC189865D899DCF37CE2A163AB9B53AFD66B92827A890AEB4C31496A3A

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\ko\BootstrapperUI_V2.resources.dll
Type: executable
MD5: 09E18EEF4D09EA333B0E6E542ADCDAD0
SHA256: 1BE5227749A48FB7AC2B0D5C41AC013476FFABC466D63A92F13677680EB88F11

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\id\BootstrapperUI_V2.resources.dll
Type: executable
MD5: 076AFBC50DC5BF618724FD717946453B
SHA256: 5F940C5C75660B3A8D93C3812DE585BADDB1DBB46096DFD2BECA3AEB4F58D887

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\de\BootstrapperUI_V2.resources.dll
Type: executable
MD5: A95685433782AF86EB7EC5282C4E2729
SHA256: F0CC48B31775344A584A49CAE70FA7A8A7155CFFE120C6EF483E9DC28A6F32FC

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\fr\BootstrapperUI_V2.resources.dll
Type: executable
MD5: BA9D4A6DB79DD8D5BD75E38B4F985B5B
SHA256: AA47ED3D11C513CFC5BD56644B38667FF32842A6DA2BF9687861115E1BF90440

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\System.Buffers.dll
Type: executable
MD5: CAB4550E3BF227432397D63E2098E5A9
SHA256: FD3253644043128AF5E0F35303EA5D4FA448183DFCC3345513D79A8FD7969BB1

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\System.Memory.dll
Type: executable
MD5: E1F0378D3545F4FC815F4F32614152A4
SHA256: 4A61C97BB48A9358A4FB9AFF89F886060C62AA61AD24B807528029D3A3E6642B

PID: 3332
Process: Intel-Driver-and-Support-Assistant-Installer.exe
Filename: C:\Users\admin\AppData\Local\Temp\{5AEAD08F-660B-4E3E-A7B8-64436F6B60CD}\.ba\es\BootstrapperUI_V2.resources.dll
Type: executable
MD5: B7D83EA4F49F14D982AC0969975F3966
SHA256: B97F3E717C0213A464E1801618493916BEB63007D6A57C83A418EB7DC43426F9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
101
DNS requests
85
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7780
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7780
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7720
BackgroundTransferHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3332
Intel-Driver-and-Support-Assistant-Installer.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
3332
Intel-Driver-and-Support-Assistant-Installer.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3332
Intel-Driver-and-Support-Assistant-Installer.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEDW%2BdGOMs%2BneKAVwt5eAs2c%3D
unknown
whitelisted
3332
Intel-Driver-and-Support-Assistant-Installer.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
whitelisted
6112
msiexec.exe
GET
200
172.64.149.23:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEAJ8OQEMp1rDOrXuDVQO%2BeU%3D
unknown
whitelisted
6112
msiexec.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D
unknown
whitelisted
6112
msiexec.exe
GET
200
172.64.149.23:80
http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEQDevLVOPyKjTcl8PoK9arwe
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6544
svchost.exe
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3216
svchost.exe
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3008
backgroundTaskHost.exe
184.86.251.9:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2040
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2040
backgroundTaskHost.exe
20.103.156.88:443
fd.api.iris.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6564
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.110
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
login.live.com
  • 20.190.159.2
  • 40.126.31.71
  • 20.190.159.68
  • 40.126.31.69
  • 20.190.159.75
  • 20.190.159.128
  • 40.126.31.128
  • 20.190.159.130
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
www.bing.com
  • 184.86.251.9
  • 184.86.251.4
  • 184.86.251.13
  • 184.86.251.27
  • 184.86.251.20
  • 184.86.251.22
  • 184.86.251.14
  • 184.86.251.12
  • 184.86.251.23
  • 184.86.251.24
  • 184.86.251.21
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.103.156.88
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted

Threats

No threats detected
No debug info