File name:

Google Drive.exe

Full analysis: https://app.any.run/tasks/dbe93a5a-c138-4685-9724-376350135a87
Verdict: Malicious activity
Threats:

AsyncRAT is a remote access trojan (RAT) that can monitor and remotely control infected systems. It was published on GitHub as legitimate open-source remote administration software, but attackers abuse its many powerful capabilities for malicious purposes.

Analysis date: January 17, 2026, 18:09:08
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
asyncrat
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

D8AA894BA8F81032496AC509B9FFA1B6

SHA1:

097072DFA5470840FA7F202EFFFFF1D28EEF8218

SHA256:

4040BCBEB29B512C0BB6A96884D5AFA1E333A7EA1AB3084DB1D9AF932719A05C

SSDEEP:

1536:r3WMswwGp3vSlbzrHIReU/NOKNLdv/Ps3bvXS/pAhmR/xpX+2P8F:r3WMswwGp3v4HIfVs3bv6FGF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ASYNCRAT has been detected (YARA)

      • GoogleDrive.exe (PID: 7808)
    • Changes the autorun value in the registry

      • Google Drive.exe (PID: 7616)
  • SUSPICIOUS

    • Connects to unusual port

      • GoogleDrive.exe (PID: 7808)
    • Executing commands from a ".bat" file

      • Google Drive.exe (PID: 7616)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 7656)
    • Starts CMD.EXE for commands execution

      • Google Drive.exe (PID: 7616)
    • The executable file from the user directory is run by the CMD process

      • GoogleDrive.exe (PID: 7808)
    • Executable content was dropped or overwritten

      • Google Drive.exe (PID: 7616)
  • INFO

    • Reads the computer name

      • Google Drive.exe (PID: 7616)
      • GoogleDrive.exe (PID: 7808)
      • GoogleDrive.exe (PID: 8032)
    • Reads the machine GUID from the registry

      • Google Drive.exe (PID: 7616)
      • GoogleDrive.exe (PID: 7808)
      • GoogleDrive.exe (PID: 8032)
    • Checks supported languages

      • Google Drive.exe (PID: 7616)
      • GoogleDrive.exe (PID: 7808)
      • GoogleDrive.exe (PID: 8032)
    • Drops script file

      • cmd.exe (PID: 7656)
      • Google Drive.exe (PID: 7616)
    • Launching a file from a Registry key

      • Google Drive.exe (PID: 7616)
    • Manual execution by a user

      • GoogleDrive.exe (PID: 8032)
    • Checks proxy server information

      • slui.exe (PID: 7220)
    • Creates files or folders in the user directory

      • Google Drive.exe (PID: 7616)
    • Create files in a temporary directory

      • Google Drive.exe (PID: 7616)

AsyncRat

(PID) Process: (7808) GoogleDrive.exe
C2 (22)
Ports (10): 6606, 7707, 8808, 1604, 4444, 443, 80, 5555, 8080, 1337
Version: 0.5.8
Botnet: Cloud
Options
AutoRun: true
Mutex: 75xBN1Rs0bpP
InstallFolder: %AppData%
BSoD: false
AntiVM: false
Certificates
Cert1: MIIE5DCCAsygAwIBAgIQAOc250/jBXH7PusRfV4KKzANBgkqhkiG9w0BAQ0FADATMREwDwYDVQQDDAhBc3luY1JBVDAgFw0yNTEyMTQxNTM0MjFaGA85OTk5MTIzMTIzNTk1OVowEzERMA8GA1UEAwwIQXN5bmNSQVQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC3hbrOJGE/Ncxr2hD4zwR5WwrlT40PQHZSYRdpnqR2/7/cw8e4m6IS/kPj2TSnF3yYhOkR08loqxZDE8g9vaF8pLg+pyFw...
Server_Signature: W5RTXwr6Y2ikAU0RRKKv0ucERtZkPUfeZxsggPaP8+fk7ECXCGUoJYH9BvmbbpYGNhwDbBcrDZXz3UlPKbb2HmyRPvkyJhB9rE8HW7HJWZV4uwcsQ48AP6sm2p71MTa7SDekA2UxyPvjyFdfW4FkhmWpXg+Kd0dioLHcR4x9QKQjLTsHXQSuuLhx6paBCAg8IulboxmAbkB48p3kvhiQgK3FwG3fIu/HqGcHqonbZis9GFfAqYWoGUmwD83+toUx4tbKcNYjcISnSvR7rQbCHWidp9oIcDYJ+V6RezxW1jx3...
Keys
AES: 39cd9ddb218abf965cd8c6bfc5388f7fd60161be14e6b5cbc82383fae90a7ed6
Salt: bfeb1e56fbcd973bb219022430a57843003d5644d21e62b9d4f180e7e6c33941
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:10:16 21:40:53+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 44032
InitializedDataSize: 13312
UninitializedDataSize: -
EntryPoint: 0xcade
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 82.0.4.0
ProductVersionNumber: 82.0.4.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Google LLC
FileDescription: Cloud storage and file synchronization client
FileVersion: 82.0.4.0
InternalName: GoogleDrive.exe
LegalCopyright: © Google LLC
LegalTrademarks: Google, Drive
OriginalFileName: GoogleDrive.exe
ProductName: Google Drive
ProductVersion: 82.0.4.0
AssemblyVersion: 82.0.4.0
Total processes
149
Monitored processes
7
Malicious processes
3
Suspicious processes
0

Behavior graph

[Behavior graph; processes shown: google drive.exe, cmd.exe (no specs), conhost.exe (no specs), timeout.exe (no specs), googledrive.exe (#ASYNCRAT), googledrive.exe (no specs), slui.exe]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 7220
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7616
CMD: "C:\Users\admin\AppData\Local\Temp\Google Drive.exe"
Path: C:\Users\admin\AppData\Local\Temp\Google Drive.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Cloud storage and file synchronization client
Exit code:
0
Version:
82.0.4.0
Modules
Images
c:\users\admin\appdata\local\temp\google drive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 7656
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\tmpEE00.tmp.bat""
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Google Drive.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 7664
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7716
CMD: timeout 3
Path: C:\Windows\SysWOW64\timeout.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7808
CMD: "C:\Users\admin\AppData\Roaming\ GoogleDrive.exe"
Path: C:\Users\admin\AppData\Roaming\ GoogleDrive.exe
Parent process: cmd.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Cloud storage and file synchronization client
Version:
82.0.4.0
Modules
Images
c:\users\admin\appdata\roaming\ googledrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 8032
CMD: "C:\Users\admin\AppData\Roaming\ GoogleDrive.exe"
Path: C:\Users\admin\AppData\Roaming\ GoogleDrive.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Cloud storage and file synchronization client
Exit code:
0
Version:
82.0.4.0
Modules
Images
c:\users\admin\appdata\roaming\ googledrive.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
Total events
4 265
Read events
4 264
Write events
1
Delete events
0

Modification events

(PID) Process: (7616) Google Drive.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: GoogleDrive
Value: "C:\Users\admin\AppData\Roaming\ GoogleDrive.exe"
Executable files
1
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7616 | Process: Google Drive.exe | Filename: C:\Users\admin\AppData\Roaming\ GoogleDrive.exe | Type: executable
MD5: D8AA894BA8F81032496AC509B9FFA1B6
SHA256: 4040BCBEB29B512C0BB6A96884D5AFA1E333A7EA1AB3084DB1D9AF932719A05C
PID: 7616 | Process: Google Drive.exe | Filename: C:\Users\admin\AppData\Local\Temp\tmpEE00.tmp.bat | Type: text
MD5: DE7CBBEFA95699187C7F9AADBFD0EAFA
SHA256: 0DF458F077993F5C765B626817C2FC5984AD2BCB8C987DA1B800D08730D1FA77
HTTP(S) requests
24
TCP/UDP connections
33
DNS requests
22
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
unknown
whitelisted
6768
MoUsoCoreWorker.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
unknown
whitelisted
4636
SIHClient.exe
GET
200
52.165.164.15:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
whitelisted
4636
SIHClient.exe
GET
200
20.165.94.63:443
https://slscr.update.microsoft.com/sls/ping
unknown
whitelisted
4636
SIHClient.exe
GET
304
20.165.94.63:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
whitelisted
1600
svchost.exe
GET
200
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=562&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
text
5.58 Kb
whitelisted
1600
svchost.exe
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1600
svchost.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1600
svchost.exe
GET
200
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=562&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
unknown
text
1.43 Kb
whitelisted
7164
svchost.exe
POST
200
20.190.159.23:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
1600
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3176
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
1600
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1600
svchost.exe
2.16.164.72:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
1600
svchost.exe
23.52.181.212:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
7808
GoogleDrive.exe
188.114.96.3:1337
cloudfeebacks.in.net
CLOUDFLARENET
US
whitelisted
3412
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 20.73.194.208
whitelisted
google.com
  • 142.251.208.14
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.49
  • 2.16.164.88
  • 2.16.164.59
  • 2.16.164.40
  • 2.16.164.89
  • 2.16.164.81
  • 2.16.164.82
  • 2.16.164.51
  • 23.55.110.211
  • 23.55.110.193
whitelisted
www.microsoft.com
  • 23.52.181.212
  • 88.221.169.152
whitelisted
cloudfeebacks.in.net
  • 188.114.96.3
  • 188.114.97.3
unknown
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 20.190.159.23
  • 40.126.31.130
  • 20.190.159.129
  • 40.126.31.131
  • 40.126.31.67
  • 40.126.31.129
  • 20.190.159.130
  • 20.190.159.4
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
slscr.update.microsoft.com
  • 20.165.94.63
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted

Threats

PID
Process
Class
Message
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info