File name: OneDriveStandaloneUpdater.exe

Full analysis: https://app.any.run/tasks/90f0a733-c7a6-47cd-b298-111e4f440d8a
Verdict: Malicious activity
Analysis date: March 25, 2025, 16:13:08
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: 4C4FDEF4DA87D23E7217704FF5967244
SHA1: C80F2F9E9039659BE1E87C690287E088A4CC967F
SHA256: 1E6FC0B2A82A2D9A88839547255DEB404590D78023171F9650F9CCB7FC8C6C62
SSDEEP: 98304:I79mnIgJt4ulnh+TLpHPXxkgqpXE9Gb23JJjZRCSj+T:Iikr7q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • OneDriveSetup.exe (PID: 5164)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveSetup.exe (PID: 5164)
    • Starts a Microsoft application from unusual location

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
    • Reads security settings of Internet Explorer

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 7664)
      • OneDriveSetup.exe (PID: 5164)
    • Application launched itself

      • OneDriveSetup.exe (PID: 7664)
    • Executable content was dropped or overwritten

      • OneDriveSetup.exe (PID: 5164)
    • There is functionality for taking screenshot (YARA)

      • OneDrive.exe (PID: 1312)
    • Creates/Modifies COM task schedule object

      • OneDriveSetup.exe (PID: 5164)
      • OneDrive.exe (PID: 1312)
    • Creates a software uninstall entry

      • OneDriveSetup.exe (PID: 5164)
    • The process creates files with name similar to system file names

      • OneDriveSetup.exe (PID: 5164)
    • The process drops C-runtime libraries

      • OneDriveSetup.exe (PID: 5164)
  • INFO

    • The sample compiled with english language support

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveSetup.exe (PID: 5164)
    • Creates files or folders in the user directory

      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • OneDriveSetup.exe (PID: 7664)
      • OneDriveSetup.exe (PID: 5164)
      • OneDrive.exe (PID: 7152)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
      • OneDrive.exe (PID: 1312)
    • Reads the software policy settings

      • slui.exe (PID: 7500)
      • OneDriveSetup.exe (PID: 7664)
      • OneDriveSetup.exe (PID: 5164)
      • slui.exe (PID: 5756)
      • OneDrive.exe (PID: 1312)
    • Manual execution by a user

      • OneDrive.exe (PID: 1312)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
    • Checks supported languages

      • OneDrive.exe (PID: 1312)
      • OneDriveStandaloneUpdater.exe (PID: 7368)
      • FileSyncConfig.exe (PID: 7836)
      • OneDriveSetup.exe (PID: 5164)
      • OneDrive.exe (PID: 7152)
      • OneDriveStandaloneUpdater.exe (PID: 7892)
    • Reads the computer name

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
      • OneDrive.exe (PID: 7152)
    • Create files in a temporary directory

      • OneDrive.exe (PID: 1312)
      • svchost.exe (PID: 3888)
    • Reads the time zone

      • OneDrive.exe (PID: 1312)
    • Process checks computer location settings

      • OneDrive.exe (PID: 1312)
      • OneDriveSetup.exe (PID: 5164)
    • Reads the machine GUID from the registry

      • OneDriveSetup.exe (PID: 7664)
      • OneDriveSetup.exe (PID: 5164)
      • OneDrive.exe (PID: 1312)
    • The sample compiled with chinese language support

      • OneDriveSetup.exe (PID: 5164)
    • The sample compiled with portuguese language support

      • OneDriveSetup.exe (PID: 5164)
    • Reads Environment values

      • OneDrive.exe (PID: 7152)
    • Checks proxy server information

      • slui.exe (PID: 5756)
      • OneDrive.exe (PID: 1312)
    • Reads CPU info

      • OneDrive.exe (PID: 1312)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (87.3)
.exe | Generic Win/DOS Executable (6.3)
.exe | DOS Executable Generic (6.3)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2090:12:21 21:34:07+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.33
CodeSize: 3017728
InitializedDataSize: 1219072
UninitializedDataSize: -
EntryPoint: 0x38a00
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 25.35.223.3
ProductVersionNumber: 25.35.223.3
FileFlagsMask: 0x003f
FileFlags: Special build
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Microsoft Corporation
FileDescription: Standalone Updater
InternalName: OneDriveStandaloneUpdater.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFileName: OneDriveStandaloneUpdater.exe
ProductName: Microsoft OneDrive
FileVersion: 25.035.0223.0003
ProductVersion: 25.035.0223.0003
SpecialBuild: b/build/9095564f-ab1b-0830-c53e-d7d089294a8f
No data.
All screenshots are available in the full report
Total processes: 149
Monitored processes: 12
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start onedrivestandaloneupdater.exe no specs sppextcomobj.exe no specs slui.exe rundll32.exe no specs slui.exe onedrive.exe svchost.exe onedrivesetup.exe no specs onedrivesetup.exe filesyncconfig.exe no specs onedrive.exe no specs onedrivestandaloneupdater.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1312
CMD: "C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive
Exit code: 0
Version: 19.043.0304.0013
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 3888
CMD: C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s BITS
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 5164
CMD: C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /updateSource:ODU /peruser /childprocess
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
Parent process: OneDriveSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive (32 bit) Setup
Exit code: 0
Version: 21.220.1024.0005
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\wer.dll
c:\windows\syswow64\user32.dll
PID: 5756
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7152
CMD: /updateInstalled /background
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Parent process: OneDriveSetup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive
Exit code: 2147943660
Version: 21.220.1024.0005
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 7368
CMD: "C:\Users\admin\AppData\Local\Temp\OneDriveStandaloneUpdater.exe"
Path: C:\Users\admin\AppData\Local\Temp\OneDriveStandaloneUpdater.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Standalone Updater
Exit code: 2147806726
Version: 25.035.0223.0003
Modules
Images
c:\users\admin\appdata\local\temp\onedrivestandaloneupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 7468
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 7500
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7648
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
c:\windows\system32\imagehlp.dll
PID: 7664
CMD: "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart /updateSource:ODU
Path: C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
Parent process: OneDrive.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft OneDrive (32 bit) Setup
Exit code: 0
Version: 21.220.1024.0005
Modules
Images
c:\users\admin\appdata\local\microsoft\onedrive\update\onedrivesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
Total events: 16 543
Read events: 15 659
Write events: 336
Delete events: 548

Modification events

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\AppID\OneDrive.EXE
Operation: write
Name: AppID
Value: {EEABD3A3-784D-4334-AAFC-BB13234F17CF}

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\FileSyncClient.AutoPlayHandler\shell\import\DropTarget
Operation: write
Name: CLSID
Value: {5999E1EE-711E-48D2-9884-851A709F543D}

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\BannerNotificationHandler.BannerNotificationHandler\shell\import\DropTarget
Operation: write
Name: CLSID
Value: {2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\Interface\{79A2A54C-3916-41FD-9FAB-F26ED0BBA755}\TypeLib
Operation: write
Name: Version
Value: 1.0

(PID) Process: (1312) OneDrive.exe
Key: HKEY_CLASSES_ROOT\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\TypeLib
Operation: write
Name: Version
Value: 1.0
Executable files: 221
Suspicious files: 82
Text files: 401
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session-journal | Type: binary
MD5:AACB52B6951805A29312DA4F0E765DCF
SHA256:B6B65A0D9BD68EB39B75B1B59648A323F96F8FC4C56C9BA0135C8969509ED22E
PID: 7368 | Process: OneDriveStandaloneUpdater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2025-03-25.1613.7368.1.aodl | Type: binary
MD5:DB53A6E60245F16FD3052CED4635F4EB
SHA256:8B53647A3F219FC2FB30CAAD3FB5AAD5989CF9B104CBF47FDA97EB6D9849141F
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\SyncEngine-2025-03-25.1614.1312.1.aodl | Type: binary
MD5:28DCA2FF4B34B5A52A2E59DF202A6ED3
SHA256:33BACCB7296F1ED1F995FC77A23049F261CF391AC0388F9E8DD161F8C17B7F94
PID: 7368 | Process: OneDriveStandaloneUpdater.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Common\StandaloneUpdater-2183-7-26.1934.5716.1.odl | Type: binary
MD5:E0F25B7B6BD46DF0A3CA400760C9357B
SHA256:B4B673F4758D265B2CFD2BD2986F0C37F247726BF8D37B2F045FBE7DA81B5894
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\TraceArchive.0304.0013-36.etl | Type: binary
MD5:97596EEBD1886A7637AEC1F4739959FC
SHA256:43A342C94BDA9B236D3D1F45711C0B2FB9FA179CF7E0C9252E6DB0EE1930811F
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\telemetryCache.otc.session | Type: binary
MD5:580BD824DEBBA908591408D7A5A3D01F
SHA256:B3218FF93047231A34C6962C758A36D412C2EB928C33F7EE537023EB6E489974
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 | Type: binary
MD5:0BBEDBE65D529A83D458D6526145E2AD
SHA256:F5E7FDED7887B5235D7A33796629D2A057CAED455093A0D8ADAD0E9E2B2FE3D6
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\Update_2017-09-07_010407_115c-16f4.loggz | Type: compressed
MD5:0B1B6AEA14319C877AEB7E12E25B6105
SHA256:3B921684D40475A24D4862C1BEC2DC8762542C9AF566ACD514BE023C69093FB3
PID: 1312 | Process: OneDrive.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\OneDrive\logs\Personal\Update_2017-09-07_010539_1444-edc.loggz | Type: compressed
MD5:A5134A2CF48AC6170A85C6617F4CA4BA
SHA256:4BAAEADAFE8336613F668EE5A90011FD531C3792D0F6A2E2460C9567D7B7CDC5
PID: 3888 | Process: svchost.exe | Filename: C:\Users\admin\AppData\Local\Temp\BIT34B4.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 30
DNS requests: 20
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.162:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
8028
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1312
OneDrive.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
8028
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1312
OneDrive.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
664
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.48.23.162:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
664
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
664
backgroundTaskHost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.186.46
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.162
  • 23.48.23.143
  • 23.48.23.166
  • 23.48.23.176
  • 23.48.23.145
  • 23.48.23.190
  • 23.48.23.141
  • 23.48.23.183
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.160.22
  • 20.190.160.132
  • 20.190.160.2
  • 40.126.32.72
  • 20.190.160.14
  • 20.190.160.131
  • 40.126.32.74
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 2.17.190.73
  • 2.23.77.188
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

No threats detected
No debug info