File name: OneDrivePatcher.exe

Full analysis: https://app.any.run/tasks/efb21e5d-89fb-4ef8-b417-707a24aa48c0
Verdict: Malicious activity
Analysis date: April 29, 2026, 19:19:16
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: 66DB277946BCB8F35AF53B8CA2FB2346
SHA1: EC95C33E6C2CDC99678146ABF9DF71B0959EBB2C
SHA256: 12A06CAF41711A04BDC9D4184419BA30B165964AFB445E9D27B7E40DC46566C2
SSDEEP: 98304:a7I+OFUxSKB0tyI5K7w4PsbfQojVibqlEHW7IMRk/HxP5jRzMlS:lFMRWSZV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • OneDrivePatcher.exe (PID: 7188)
      • FileSyncConfig.exe (PID: 9212)
    • Changes the autorun value in the registry

      • OneDriveSetup.exe (PID: 9092)
  • SUSPICIOUS

    • Creates/Modifies COM task schedule object

      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
    • Application launched itself

      • OneDriveSetup.exe (PID: 9052)
    • Executable content was dropped or overwritten

      • OneDriveSetup.exe (PID: 9092)
    • The process creates files with name similar to system file names

      • OneDriveSetup.exe (PID: 9092)
    • The process drops C-runtime libraries

      • OneDriveSetup.exe (PID: 9092)
  • INFO

    • Process checks computer location settings

      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
    • Creates files or folders in the user directory

      • OneDriveSetup.exe (PID: 9052)
      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
      • OneDrive.exe (PID: 8272)
    • Reads security settings of Internet Explorer

      • OneDriveSetup.exe (PID: 9052)
      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
    • Checks supported languages

      • OneDriveSetup.exe (PID: 9052)
      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
      • FileSyncConfig.exe (PID: 9212)
      • OneDrive.exe (PID: 8272)
    • Reads the computer name

      • OneDriveSetup.exe (PID: 9052)
      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
      • OneDrive.exe (PID: 8272)
    • Reads the machine GUID from the registry

      • OneDriveSetup.exe (PID: 9052)
      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
      • OneDrive.exe (PID: 8272)
    • The sample compiled with english language support

      • OneDrivePatcher.exe (PID: 7188)
      • OneDriveSetup.exe (PID: 9092)
    • Manual execution by a user

      • chrome.exe (PID: 572)
      • OneDrive.exe (PID: 8792)
    • Application launched itself

      • chrome.exe (PID: 572)
    • Create files in a temporary directory

      • OneDrive.exe (PID: 8792)
      • OneDriveSetup.exe (PID: 9092)
    • Reads CPU info

      • OneDrive.exe (PID: 8792)
    • Reads the time zone

      • OneDrive.exe (PID: 8792)
    • The sample compiled with portuguese language support

      • OneDriveSetup.exe (PID: 9092)
    • Creates a software uninstall entry

      • OneDriveSetup.exe (PID: 9092)
    • Launching a file from a Registry key

      • OneDriveSetup.exe (PID: 9092)
    • The sample compiled with chinese language support

      • OneDriveSetup.exe (PID: 9092)
    • Reads Environment values

      • OneDrive.exe (PID: 8272)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2045:12:22 12:52:01+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.5
CodeSize: 2601472
InitializedDataSize: 938496
UninitializedDataSize: -
EntryPoint: 0xd52c0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 26.70.414.1
ProductVersionNumber: 26.70.414.1
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Microsoft OneDrive Patcher
InternalName: Microsoft OneDrive
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: OneDrivePatcher.exe
ProductName: Microsoft OneDrive
FileVersion: 26.070.0414.0001
ProductVersion: 26.070.0414.0001
SpecialBuild: b/build/58d507b0-3939-9d95-dd4c-daf495003659
No data.
All screenshots are available in the full report
Total processes: 163
Monitored processes: 23
Malicious processes: 1
Suspicious processes: 4

Behavior graph

Processes shown in the graph: onedrivepatcher.exe, chrome.exe (17 instances), onedrive.exe (2), onedrivesetup.exe (2), filesyncconfig.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 572
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2100
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=4328 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 2324
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=6108,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6024 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 3424
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4580,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=4768 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 4488
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --disable-quic --string-annotations --field-trial-handle=5272,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=3488 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 4624
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffe234afff8,0x7ffe234b0004,0x7ffe234b0010
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 5228
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3312,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=3352 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 5648
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5944,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5304 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 6208
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3324,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=4572 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 6412
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=2264,i,13140871492112772453,2830161170614723276,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=2252 /prefetch:3
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events: 14 389
Read events: 13 517
Write events: 332
Delete events: 540

Modification events

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{10C9242E-D604-49B5-99E4-BF87945EF86C}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (8792) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib
Operation: write
Name: Version
Value: 1.0
Executable files: 218
Suspicious files: 129
Text files: 462
Unknown types: 4

Dropped files

PID | Process | Filename | Type
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RFe1420.TMP | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RFe1420.TMP | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RFe1420.TMP | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RFe1420.TMP | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RFe142f.TMP | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old | -
572 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old | -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 183
TCP/UDP connections: 73
DNS requests: 72
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6412
chrome.exe
OPTIONS
200
192.178.183.95:443
https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
US
whitelisted
6412
chrome.exe
OPTIONS
200
142.251.110.113:443
https://play.google.com/log?format=json&hasfast=true
US
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
924 b
whitelisted
6412
chrome.exe
POST
200
142.251.127.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
US
text
17 b
whitelisted
GET
200
23.11.40.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
NL
binary
314 b
whitelisted
6412
chrome.exe
GET
200
192.178.183.95:443
https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
US
binary
41 b
whitelisted
6412
chrome.exe
GET
200
142.251.154.119:443
https://www.google.com/async/ddljson?async=ntp:2
US
text
19 b
whitelisted
6412
chrome.exe
GET
200
142.251.20.94:443
https://www.gstatic.com/og/_/ss/k=og.qtm.HnH-CAwOVIg.L.W.O/m=qmd,qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuFmhMHSAVtkBDVb0Pb5hPayvM0fA
US
text
10.0 Kb
whitelisted
6412
chrome.exe
GET
200
142.251.154.119:443
https://www.google.com/async/newtab_promos
US
text
29 b
whitelisted
6412
chrome.exe
GET
200
142.251.20.94:443
https://www.gstatic.com/og/_/js/k=og.qtm.en_US.qsnWvyGgPxA.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu_qmEHoUaBvNLtTwxnI0L_WCqwpg
US
text
183 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
8000
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
128.24.231.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.16.241.222:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.11.40.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
6412
chrome.exe
192.178.183.95:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
6412
chrome.exe
142.251.13.138:80
clients2.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 51.124.78.146
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
www.bing.com
  • 2.16.241.222
  • 2.16.241.205
  • 2.16.241.207
  • 2.16.241.206
whitelisted
ocsp.digicert.com
  • 23.11.40.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.251.20.100
  • 142.251.20.102
  • 142.251.20.139
  • 142.251.20.138
  • 142.251.20.113
  • 142.251.20.101
whitelisted
clients2.google.com
  • 142.251.13.138
  • 142.251.13.102
  • 142.251.13.139
  • 142.251.13.100
  • 142.251.13.113
  • 142.251.13.101
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 192.178.183.95
  • 142.250.154.95
  • 142.251.127.95
  • 142.251.14.95
  • 142.251.13.95
  • 142.251.20.95
  • 142.251.110.95
whitelisted
clientservices.googleapis.com
  • 142.250.154.100
  • 142.250.154.138
  • 142.250.154.101
  • 142.250.154.139
  • 142.250.154.113
  • 142.250.154.102
whitelisted
accounts.google.com
  • 142.251.127.84
whitelisted

Threats

PID
Process
Class
Message
8000
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info