File name: OneDriveStandaloneUpdater.exe

Full analysis: https://app.any.run/tasks/90f0a733-c7a6-47cd-b298-111e4f440d8a
Verdict: Malicious activity
Analysis date: March 25, 2025, 16:13:08
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: 4C4FDEF4DA87D23E7217704FF5967244
SHA1: C80F2F9E9039659BE1E87C690287E088A4CC967F
SHA256: 1E6FC0B2A82A2D9A88839547255DEB404590D78023171F9650F9CCB7FC8C6C62
SSDEEP: 98304:I79mnIgJt4ulnh+TLpHPXxkgqpXE9Gb23JJjZRCSj+T:Iikr7q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • OneDriveSetup.exe (PID: 5164)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveSetup.exe (PID: 5164)
    • Starts a Microsoft application from unusual location

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
    • Creates/Modifies COM task schedule object

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
    • Reads security settings of Internet Explorer

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 7664)
      • OneDriveSetup.exe (PID: 5164)
    • Application launched itself

      • OneDriveSetup.exe (PID: 7664)
    • Executable content was dropped or overwritten

      • OneDriveSetup.exe (PID: 5164)
    • The process creates files with name similar to system file names

      • OneDriveSetup.exe (PID: 5164)
    • The process drops C-runtime libraries

      • OneDriveSetup.exe (PID: 5164)
    • There is functionality for taking screenshot (YARA)

      • OneDrive.exe (PID: 1312)
    • Creates a software uninstall entry

      • OneDriveSetup.exe (PID: 5164)
  • INFO

    • The sample compiled with english language support

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveSetup.exe (PID: 5164)
    • Creates files or folders in the user directory

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
      • OneDriveSetup.exe (PID: 7664)
      • OneDrive.exe (PID: 7152)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
    • Reads the software policy settings

      • slui.exe (PID: 7500)
      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 7664)
      • OneDriveSetup.exe (PID: 5164)
      • slui.exe (PID: 5756)
    • Checks supported languages

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDrive.exe (PID: 1312)
      • FileSyncConfig.exe (PID: 7836)
      • OneDrive.exe (PID: 7152)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
      • OneDriveSetup.exe (PID: 5164)
    • Manual execution by a user

      • OneDrive.exe (PID: 1312)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
    • Create files in a temporary directory

      • OneDrive.exe (PID: 1312)
      • svchost.exe (PID: 3888)
    • Reads the time zone

      • OneDrive.exe (PID: 1312)
    • Reads CPU info

      • OneDrive.exe (PID: 1312)
    • Reads the computer name

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
      • OneDrive.exe (PID: 7152)
    • Checks proxy server information

      • OneDrive.exe (PID: 1312)
      • slui.exe (PID: 5756)
    • Reads the machine GUID from the registry

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
      • OneDriveSetup.exe (PID: 7664)
    • Process checks computer location settings

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
    • The sample compiled with portuguese language support

      • OneDriveSetup.exe (PID: 5164)
    • The sample compiled with chinese language support

      • OneDriveSetup.exe (PID: 5164)
    • Reads Environment values

      • OneDrive.exe (PID: 7152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2090:12:21 21:34:07+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.33
CodeSize: 3017728
InitializedDataSize: 1219072
UninitializedDataSize: -
EntryPoint: 0x38a00
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 25.35.223.3
ProductVersionNumber: 25.35.223.3
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Standalone Updater
InternalName: OneDriveStandaloneUpdater.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: OneDriveStandaloneUpdater.exe
ProductName: Microsoft OneDrive
FileVersion: 25.035.0223.0003
ProductVersion: 25.035.0223.0003
SpecialBuild: b/build/9095564f-ab1b-0830-c53e-d7d089294a8f
No data.
All screenshots are available in the full report
Total processes: 149
Monitored processes: 12
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Processes in graph (from start): onedrivestandaloneupdater.exe (no specs), sppextcomobj.exe (no specs), slui.exe, rundll32.exe (no specs), slui.exe, onedrive.exe, svchost.exe, onedrivesetup.exe (no specs), onedrivesetup.exe, filesyncconfig.exe (no specs), onedrive.exe (no specs), onedrivestandaloneupdater.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1312
CMD: "C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive
Exit code: 0
Version: 19.043.0304.0013
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 3888
CMD: C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 5164
CMD: C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /updateSource:ODU /peruser /childprocess
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
Parent process: OneDriveSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive (32 bit) Setup
Exit code: 0
Version: 21.220.1024.0005
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\wer.dll
c:\windows\syswow64\user32.dll
PID: 5756
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7152
CMD: /updateInstalled /background
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Parent process: OneDriveSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive
Exit code: 2147943660
Version: 21.220.1024.0005
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 7368
CMD: "C:\Users\admin\AppData\Local\Temp\OneDriveStandaloneUpdater.exe"
Path: C:\Users\admin\AppData\Local\Temp\OneDriveStandaloneUpdater.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Standalone Updater
Exit code: 2147806726
Version: 25.035.0223.0003
Modules
Images
c:\users\admin\appdata\local\temp\onedrivestandaloneupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 7468
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 7500
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7648
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 7664
CMD: "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart /updateSource:ODU
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
Parent process: OneDrive.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive (32 bit) Setup
Exit code: 0
Version: 21.220.1024.0005
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events: 16 543
Read events: 15 659
Write events: 336
Delete events: 548

Modification events

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\AppID\OneDrive.EXE
Operation: write
Name: AppID
Value: {EEABD3A3-784D-4334-AAFC-BB13234F17CF}

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\FileSyncClient.AutoPlayHandler\shell\import\DropTarget
Operation: write
Name: CLSID
Value: {5999E1EE-711E-48D2-9884-851A709F543D}

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\BannerNotificationHandler.BannerNotificationHandler\shell\import\DropTarget
Operation: write
Name: CLSID
Value: {2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\TypeLib
Operation: write
Name: Version
Value: 1.0
Executable files: 221
Suspicious files: 82
Text files: 401
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Type: binary
MD5:3762BF3F3D9D8A029588B4ED0BA2917B
SHA256:99494B9D32F694A37C7CEE9A318B1DE7D1A0BE6F8B3622BC95A7D2B5181AB819
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04
Type: binary
MD5:0BBEDBE65D529A83D458D6526145E2AD
SHA256:F5E7FDED7887B5235D7A33796629D2A057CAED455093A0D8ADAD0E9E2B2FE3D6
PID: 7368
Process: OneDriveStandaloneUpdater.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2025-03-25.1613.7368.1.aodl
Type: binary
MD5:DB53A6E60245F16FD3052CED4635F4EB
SHA256:8B53647A3F219FC2FB30CAAD3FB5AAD5989CF9B104CBF47FDA97EB6D9849141F
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session
Type: binary
MD5:580BD824DEBBA908591408D7A5A3D01F
SHA256:B3218FF93047231A34C6962C758A36D412C2EB928C33F7EE537023EB6E489974
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2025-03-25.1614.1312.1.aodl
Type: binary
MD5:28DCA2FF4B34B5A52A2E59DF202A6ED3
SHA256:33BACCB7296F1ED1F995FC77A23049F261CF391AC0388F9E8DD161F8C17B7F94
PID: 7368
Process: OneDriveStandaloneUpdater.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2183-7-26.1934.5716.1.odl
Type: binary
MD5:E0F25B7B6BD46DF0A3CA400760C9357B
SHA256:B4B673F4758D265B2CFD2BD2986F0C37F247726BF8D37B2F045FBE7DA81B5894
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
Type: binary
MD5:3042F40C17680EAD752A8B4EC45F74FC
SHA256:AF2AFCC5768E9E09761E1C7B7D8DFD34AF35E18551A589279FD78EA8C8A203B9
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
Type: binary
MD5:AFEA078FE929B332D1B4D19517DA1AFF
SHA256:F8FA4D9CB78C2C5A0725CA78299B28EBF36322896CD98A34AEF517A7937747FB
PID: 1312
Process: OneDrive.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session-journal
Type: binary
MD5:AACB52B6951805A29312DA4F0E765DCF
SHA256:B6B65A0D9BD68EB39B75B1B59648A323F96F8FC4C56C9BA0135C8969509ED22E
PID: 3888
Process: svchost.exe
Filename: C:\Users\admin\AppData\Local\Temp\BIT34B4.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 30
DNS requests: 20
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1312
OneDrive.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
GET
200
23.48.23.162:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1312
OneDrive.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
8028
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8028
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
664
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.48.23.162:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
664
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
664
backgroundTaskHost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.162
  • 23.48.23.143
  • 23.48.23.166
  • 23.48.23.176
  • 23.48.23.145
  • 23.48.23.190
  • 23.48.23.141
  • 23.48.23.183
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.160.22
  • 20.190.160.132
  • 20.190.160.2
  • 40.126.32.72
  • 20.190.160.14
  • 20.190.160.131
  • 40.126.32.74
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

No threats detected
No debug info